Mike Mimoso and Chris Brook discuss the news of the week, including a password issue at Github, the xDedic marketplace, another Flash zero day, and how the poorly the FBI is doing with facial recognition software.

Download: Threatpost_News_Wrap_June_17_2016.mp3

Music by Chris Gonsalves

References

traffic.libsyn.com/digitalunderground/Threatpost_News_Wrap_June_17_2016.mp3

itunes.apple.com/us/podcast/digital-underground-podcast/id315355232?mt=2

zdt 4

ibm 8

packetstorm 3

threatpost 19

dsquare 1

redhatcve 1

nessus 7

exploitpack 1

attackerkb 3

trendmicroblog 1

krebs 1

cve 1

impervablog 2

cisa_kev 1

myhack58 3

osv 2

checkpoint_advisories 1

ubuntucve 1

f5 1

github 2

akamaiblog 1

prion 1

veracode 1

openvas 3

qualysblog 3

talosblog 1

nuclei 1

kitploit 5

cisco 1

metasploit 1

exploitdb 1

githubexploit 3

thn 3

rapid7blog 1

fireeye 1

oracle 3

zdt

Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2) Exploit

2018-08-28 00:00:00

Apache Struts 2 Namespace Redirect OGNL Injection Exploit

2018-09-08 00:00:00

Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1) Exploit

2018-08-28 00:00:00

ibm

Security Bulletin: Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections are affected by a publicly disclosed vulnerability found by vFinder: Eclipse Jetty

2018-11-12 12:55:02

Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem V840

2019-02-18 15:05:01

Security Bulletin: Apache Struts Vulnerability Can Affect IBM Sterling Order Management (CVE-2018-11776)

2018-10-17 15:25:01

packetstorm

Apache Struts 2 Namespace Redirect OGNL Injection

2018-09-07 00:00:00

Apache Struts 2.3 / 2.5 Remote Code Execution

2018-08-26 00:00:00

Apache Struts 2.3 / 2.5 Remote Code Execution

2018-08-25 00:00:00

threatpost

Slack Plugs Token Security Hole

2016-04-30 07:25:42

Audit of GitHub SSH Keys Finds Many Still Vulnerable to Old Debian Bug

2015-06-03 07:37:04

Army Research Lab Releases Dshell Forensics Framework

2015-01-30 10:59:44

dsquare

Apache Struts 2 Multiple Tags Result Namespace Handling RCE

2018-10-20 00:00:00

redhatcve

CVE-2018-11776

2018-08-22 08:49:33

nessus

Cisco Unified Communication Manager Apache Struts RCE (CSCvm14042)

2018-09-05 00:00:00

Apache Struts CVE-2018-11776 Results With No Namespace Remote Code Execution (S2-057) (remote)

2018-08-23 00:00:00

Cisco Identity Services Engine Struts2 Namespace Vulnerability

2018-08-31 00:00:00

exploitpack

Apache Struts 2.3 2.3.34 2.5 2.5.16 - Remote Code Execution (1)

2018-08-26 00:00:00

attackerkb

CVE-2018-11776

2018-08-22 00:00:00

CVE-2019-0230

2020-09-14 00:00:00

CVE-2022-26134

2022-07-13 00:00:00

trendmicroblog

Server Security for the Modern IT Ecosystem

2019-01-03 15:30:46

krebs

Experts Urge Rapid Patching of ‘Struts’ Bug

2018-08-23 20:22:35

cve

CVE-2018-11776

2018-08-22 13:29:00

impervablog

Read: Apache Struts Patches ‘Critical Vulnerability’ CVE-2018-11776

2018-08-23 14:25:36

The World’s Most Popular Coding Language Happens to be Most Hackers’ Weapon of Choice

2018-09-26 16:18:36

cisa_kev

Apache Struts Remote Code Execution Vulnerability

2021-11-03 00:00:00

myhack58

Apache Struts2 S2-057 vulnerability analysis and early warning-vulnerability warning-the black bar safety net

2018-08-23 00:00:00

Apache Struts OGNL injection vulnerability principle with an example-vulnerability warning-the black bar safety net

2019-03-30 00:00:00

S2-057 vulnerability in the original author's README: how to use automated tools find 5 RCE-vulnerability warning-the black bar safety net

2018-08-23 00:00:00

osv

CVE-2018-11776

2018-08-22 13:29:00

Apache Struts vulnerable to remote command execution (RCE) due to improper input validation

2018-10-18 19:24:38

checkpoint_advisories

Apache Struts Remote Code Execution (CVE-2018-11776)

2018-08-23 00:00:00

ubuntucve

CVE-2018-11776

2018-08-22 00:00:00

K60499474 : Apache Struts vulnerability CVE-2018-11776

2018-08-24 00:00:00

github

Apache Struts vulnerable to remote command execution (RCE) due to improper input validation

2018-10-18 19:24:38

Bypassing OGNL sandboxes for fun and charities

2023-01-27 16:00:49

akamaiblog

Web Application and API Protection -- From SQL Injection to Magecart

2020-09-09 13:00:00

prion

Remote code execution

2018-08-22 13:29:00

veracode

Remote Code Execution (RCE)

2018-08-22 17:36:38

openvas

Apache Struts Security Update (S2-057) - Version Check

2018-08-23 00:00:00

Huawei Data Communication: Apache Struts2 S2-057 Remote Code Execution Vulnerability in Some Huawei Products (huawei-sa-20181121-01-struts2)

2020-06-05 00:00:00

Apache Struts Security Update (S2-057) - Active Check

2018-08-27 00:00:00

qualysblog

Security News: Hackers Aim Ransomware at Big Cos., as Experts Call for Swift Patching of Struts Bug

2018-08-27 18:32:33

Detecting Apache Struts 2 Namespace RCE: CVE-2018-11776

2018-08-23 20:27:19

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

talosblog

Connecting the dots between recently active cryptominers

2018-12-18 08:33:00

nuclei

Apache Struts2 S2-057 - Remote Code Execution

2021-02-24 04:29:30

kitploit

Mitaka - A Browser Extension For OSINT Search

2019-09-21 12:00:00

Apache Struts v3 - Tool To Exploit 3 RCE Vulnerabilities On ApacheStruts

2018-08-26 21:14:00

Sn1per v7.0 - Automated Pentest Framework For Offensive Security Experts

2019-05-12 13:09:00

cisco

Apache Struts Remote Code Execution Vulnerability Affecting Cisco Products: August 2018

2018-08-23 20:00:00

metasploit

Apache Struts 2 Namespace Redirect OGNL Injection

2018-08-31 18:48:22

exploitdb

Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit)

2018-09-10 00:00:00

githubexploit

Exploit for Injection in Atlassian Confluence

2021-10-06 23:24:24

Exploit for Injection in Atlassian Confluence

2021-10-06 23:24:24

Exploit for Injection in Atlassian Confluence

2021-10-06 23:24:24

thn

Cisco Issues Security Patch Updates for 32 Flaws in its Products

2018-09-06 08:45:00

New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers

2018-08-22 14:04:00

Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems

2021-08-23 13:27:00

rapid7blog

Active Exploitation of Confluence CVE-2022-26134

2022-06-02 23:27:15

fireeye

Think Fast: Time Between Disclosure, Patch Release and Vulnerability Exploitation — Intelligence for Vulnerability Management, Part Two

2020-04-13 00:00:00

oracle

Oracle Critical Patch Update Advisory - January 2019

2019-01-15 00:00:00

Oracle Critical Patch Update - October 2018

2018-12-18 00:00:00

Oracle Critical Patch Update Advisory - July 2020

2020-07-14 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

0.976 High

EPSS

Percentile

100.0%

JSON

Related for THREATPOST:962241D6EFDC7F82640BA9171D82D0B7