|
You are here |
srcincite.io | ||
| | | | |
foxglovesecurity.com
|
|
| | | | | By @breenmachine What? The most underrated, underhyped vulnerability of 2015 has recently come to my attention, and I'm about to bring it to yours. No one gave it a fancy name, there were no press releases, nobody called Mandiant to come put out the fires. In fact, even though proof of concept code was released... | |
| | | | |
bdtechtalks.com
|
|
| | | | | Security researchers find critical flaws in popular Axis cameras, allowing full remote control over thousands of surveillance systems in enterprises worldwide. | |
| | | | |
y4y.space
|
|
| | | | | Intro The exploitation of this RCE consists of two parts, one being the lack of authentication validation to h5-vsan endpoint, and another being the unsafe reflection usage in Java which then caused a JNDI injection. I was not smart enough to come up with the JDNI attack chain, but certainly learned a lot while attempting... | |
| | | | |
www.thezdi.com
|
|
| | | [AI summary] This blog post discusses two critical vulnerabilities in the Logsign Unified SecOps Platform, CVE-2024-5716 (authentication bypass) and CVE-2024-5717 (command injection), which can be combined for remote, unauthenticated code execution. | ||