Injection vulnerability – Page 4 – Experimental News Clipping Site

Cisco Talos Blog: Whatsup Gold, Observium and Offis vulnerabilities

Jan 29, 2025

—

by

Source URL: https://blog.talosintelligence.com/whatsup-gold-observium-offis-vulnerabilities/ Source: Cisco Talos Blog Title: Whatsup Gold, Observium and Offis vulnerabilities Feedly Summary: Cisco Talos’ Vulnerability Research team recently disclosed three vulnerabilities in Observium, three vulnerabilities in Offis, and four vulnerabilities in Whatsup Gold. These vulnerabilities exist in Observium, a network observation and monitoring system; Offis DCMTK, a collection of libraries and applications…

Bulletins: Vulnerability Summary for the Week of December 16, 2024

Jan 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb24-358 Source: Bulletins Title: Vulnerability Summary for the Week of December 16, 2024 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000 Projects–Attendance Tracking Management System A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Affected by this vulnerability is…

Bulletins: Vulnerability Summary for the Week of January 20, 2025

Jan 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-026 Source: Bulletins Title: Vulnerability Summary for the Week of January 20, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info aEnrich Technology–a+HRD The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database…

Bulletins: Vulnerability Summary for the Week of December 2, 2024

Jan 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/bulletins/sb24-344 Source: Bulletins Title: Vulnerability Summary for the Week of December 2, 2024 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description8 Published CVSS Score Source Info SailPoint Technologies–IdentityIQ IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2…

The Register: Don’t want your Kubernetes Windows nodes hijacked? Patch this hole now

Jan 24, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/01/24/kubernetes_windows_nodes_bug/ Source: The Register Title: Don’t want your Kubernetes Windows nodes hijacked? Patch this hole now Feedly Summary: SYSTEM-level command injection via API parameter *chef’s kiss* A now-fixed command-injection bug in Kubernetes can be exploited by a remote attacker to gain code execution with SYSTEM privileges on all Windows endpoints in a cluster,…

Alerts: CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications

Jan 22, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/alerts/2025/01/22/cisa-and-fbi-release-advisory-how-threat-actors-chained-vulnerabilities-ivanti-cloud-service Source: Alerts Title: CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications Feedly Summary: CISA, in partnership with the Federal Bureau of Investigation (FBI), released Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications. This advisory was crafted in response to active exploitation of vulnerabilities—CVE-2024-8963,…

Alerts: CISA Adds One Known Exploited Vulnerability to Catalog

Jan 16, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/alerts/2025/01/16/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-50603 Aviatrix Controllers OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks…

Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog

Jan 14, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/alerts/2025/01/13/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-12686 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability CVE-2024-48365 Qlik Sense HTTP Tunneling Vulnerability These types of vulnerabilities…

Embrace The Red: AI Domination: Remote Controlling ChatGPT ZombAI Instances

Jan 7, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/spaiware-and-chatgpt-command-and-control-via-prompt-injection-zombai/ Source: Embrace The Red Title: AI Domination: Remote Controlling ChatGPT ZombAI Instances Feedly Summary: At Black Hat Europe I did a fun presentation titled SpAIware and More: Advanced Prompt Injection Exploits. Without diving into the details of the entire talk, the key point I was making is that prompt injection can impact…

Hacker News: Apache fixes Traffic Control bug that attackers could exploit

Dec 30, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.scworld.com/news/apache-fixes-traffic-control-bug-that-attackers-could-exploit Source: Hacker News Title: Apache fixes Traffic Control bug that attackers could exploit Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a critical vulnerability in Apache Traffic Control, specifically the Traffic Ops component, which is rated 9.9 on the CVSS scale. This SQL injection vulnerability enables privileged attackers…

Tag: Injection vulnerability