Aggregator

ZDI-CAN-25027: Logsign

ZDI: Upcoming Advisories
5 months 3 weeks ago
A CVSS score 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by 'Abdessamad Lahlali and Smile Thanapattheerakul of Trend Micro' was reported to the affected vendor on: 2024-08-06, 2 days ago. The vendor is given until 2024-12-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

ZDI-CAN-25026: Logsign

ZDI: Upcoming Advisories
5 months 3 weeks ago
A CVSS score 7.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H severity vulnerability discovered by 'Abdessamad Lahlali and Smile Thanapattheerakul of Trend Micro' was reported to the affected vendor on: 2024-08-06, 2 days ago. The vendor is given until 2024-12-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution

The Hackers News
5 months 3 weeks ago
A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning (ERP) system that could allow threat actors to achieve remote code execution on affected instances. Tracked as CVE-2024-38856, the flaw has a CVSS score of 9.8 out of a maximum of 10.0. It affects Apache OFBiz versions prior to 18.12.15. "The
The Hacker News

Execution Guardrails: No One Likes Unintentional Exposure

TrustedSec
5 months 3 weeks ago
<p>1.1 IntroductionA hopefully rare scenario that gives red teamers a mini heart-attack is a sudden check-in from a new agent: admin on ALICE-PC.If a blue teamer has managed to get hold of a payload used on an engagement…</p>
Brandon McGrath

Managed ad