Tag: path traversal

  • The Register: Six vulnerabilities in ubiquitous rsync tool announced and fixed in a day

    Source URL: https://www.theregister.com/2025/01/17/rsync_vulnerabilities/ Source: The Register Title: Six vulnerabilities in ubiquitous rsync tool announced and fixed in a day Feedly Summary: Turns out tool does both file transfers and security fixes fast Don’t panic. Yes, there were a bunch of CVEs affecting potentially hundreds of thousands of users found in rsync in early December –…

  • Hacker News: Researchers have identified a total of 6 vulnerabilities in rsync

    Source URL: https://www.openwall.com/lists/oss-security/2025/01/14/3 Source: Hacker News Title: Researchers have identified a total of 6 vulnerabilities in rsync Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses multiple vulnerabilities identified in the rsync software, including a critical heap buffer overflow that allows arbitrary code execution with minimal access rights. This communication is especially…

  • Hacker News: WorstFit: Unveiling Hidden Transformers in Windows ANSI

    Source URL: https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/ Source: Hacker News Title: WorstFit: Unveiling Hidden Transformers in Windows ANSI Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a novel security vulnerability termed “WorstFit” that exploits Microsoft Windows’ character encoding and conversion mechanisms, particularly its Best-Fit behavior, leading to various forms of attacks including Remote Code Execution…

  • The Register: Mitel 0-day, 5-year-old Oracle RCE bugs under active exploit

    Source URL: https://www.theregister.com/2025/01/08/mitel_0_day_oracle_rce_under_exploit/ Source: The Register Title: Mitel 0-day, 5-year-old Oracle RCE bugs under active exploit Feedly Summary: 3 CVEs added to CISA’s catalog Cybercriminals are actively exploiting two vulnerabilities in Mitel MiCollab, including a zero-day flaw, alongside a critical remote code execution vulnerability in Oracle WebLogic Server that has been exploited for at least…

  • Alerts: CISA Adds Three Known Exploited Vulnerabilities to Catalog

    Source URL: https://www.cisa.gov/news-events/alerts/2025/01/07/cisa-adds-three-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Three Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-41713 Mitel MiCollab Path Traversal Vulnerability CVE-2024-55550 Mitel MiCollab Path Traversal Vulnerability CVE-2020-2883 Oracle WebLogic Server Unspecified Vulnerability Users and administrators are also encouraged to…

  • MCP Server Cloud – The Model Context Protocol Server Directory: CLI MCP Server – MCP Server Integration

    Source URL: https://mcpserver.cloud/server/plurigrid-cli-mcp-server Source: MCP Server Cloud – The Model Context Protocol Server Directory Title: CLI MCP Server – MCP Server Integration Feedly Summary: AI Summary and Description: Yes **Summary:** The provided text elaborates on a secure Model Context Protocol (MCP) server designed for executing controlled command-line operations, emphasizing comprehensive security features that are vital…

  • The Register: Critical security hole in Apache Struts under exploit

    Source URL: https://www.theregister.com/2024/12/17/critical_rce_apache_struts/ Source: The Register Title: Critical security hole in Apache Struts under exploit Feedly Summary: You applied the patch that could stop possible RCE attacks last week, right? A critical security hole in Apache Struts 2, patched last week, is now being exploited using publicly available proof-of-concept (PoC) code.… AI Summary and Description:…