6 matches found
Exploit for Code Injection in Xwiki
📜 Description A critical RCE vulnerability exists in...
How Can Deliberately Flawed APIs Help In Mastering API Security?
In our recent webinar titled 'A CISO’s Checklist for Securing APIs and Applications', we delved into the concept of creating an API security playground tailored for both developer and security teams. The core idea revolves around utilizing intentionally vulnerable APIs as training...
PT-2023-31671 · Hestiacp · Hestiacp
Name of the Vulnerable Software and Affected Versions: hestiacp/hestiacp versions prior to 1.8.8. Description: The issue is related to Cross-site Scripting (XSS) - Reflected. This means that an attacker can inject malicious scripts into a website, which can then be executed by other users. The...
2023 Predictions: The Data Security Shake-up
The move to the cloud continues to create complexity around data security. In 2023, Imperva believes the increasingly diverse data landscape will drive a fundamental shift in the people, processes, and technology in cybersecurity. Imperva’s data security leaders explain how IT environments will...
Top 10 Cloud security tips
About half of the pen tests we’re asked to do involved cloud services at some point. We’ve even tested a cloud platform on an aeroplane – the irony was not lost on us! There is a multitude of ways to improve the security of your cloud platforms and often those ways are ever-changing or obscured...
Docker Dashboard Remote Command Execution
!/usr/bin/python -- coding: UTF-8 -- dockdash.py Docker Dashboard Remote Command Execution Exploit Jeremy Brown jbrown3264/gmail July 2021 "A simple web based GUI for managing Docker containers and images" Note: this app is NOT part of the official docker product, nor related to the Docker...