30 matches found
ServiceNow - Incomplete Input Validation
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addresse...
CVE-2024-4879
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted...
Exploit for Improper Validation of Specified Type of Input in Servicenow
CVE-2024-4879-ServiceNow ServiceNow is a platform for busi...
CVE-2024-4879
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted...
CVE-2024-5178
ServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This vulnerability could allow an administrative user to gain unauthorized access to sensitive files on the web application server. The vulnerability i...
CVE-2024-5217
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addresse...
CVE-2024-5217 Incomplete Input Validation in GlideExpression Script
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addresse...
CVE-2024-5217
ServiceNow CVE-2024-5217 is an input-validation vulnerability in Now Platform’s GlideExpression script: an unauthenticated user can exploit an incomplete disallowed-input list to achieve remote code execution. The issue affects Washington DC, Vancouver, and earlier releases, with patches/hot fixe...
CVE-2024-5178 Incomplete Input Validation in SecurelyAccess API
ServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This vulnerability could allow an administrative user to gain unauthorized access to sensitive files on the web application server. The vulnerability i...
CVE-2024-5178
CVE-2024-5178 affects ServiceNow Now Platform, where an administrative user could read sensitive files on the web application server. The vulnerability was identified in the Washington DC, Vancouver, and Utah releases and is addressed by patches and hot fixes released during the June 2024 patchin...
CVE-2024-4879 Jelly Template Injection Vulnerability in ServiceNow UI Macros
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted...
CVE-2024-4879
CVE-2024-4879 affects ServiceNow Now Platform (Vancouver/Washington DC/Utah releases). It is an input-validation/template-injection flaw enabling unauthenticated remote code execution with network access and no user interaction, per multiple sources. The issue has high-severity CVSS values (aroun...
CVE-2024-4879
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted...
CVE-2024-5217
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addresse...
washington.dc.networkofcare.org Cross Site Scripting vulnerability OBB-3885750
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
washington.dc.networkofcare.org Cross Site Scripting vulnerability OBB-3883435
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Threat Source newsletter (March 16, 2023) — A deep dive into Talos' work in Ukraine
Welcome to this weeks edition of the Threat Source newsletter. Were written a ton about Cisco Talos support of Ukraine and our friends and allies there. Now, we encourage you to watch and listen to the folks who have been working hands-on there. The latest episode of ThreatWise TV from Hazel Burt...
Attackers waited until holidays to hit US government
The government industry in the United States dealt with heavy hitting breaches against local, federal, and state government networks, primarily during the first quarter of 2021. Our telemetry revealed a small spike in a generic backdoor detection, known as Backdoor.Agent, during March of 2021,...
washington.dc.networkofcare.org Cross Site Scripting vulnerability OBB-2614487
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
2034, Part II: Blackout in Washington, DC
“So much was happening and yet they had no news. Everything had been compromised.”...