Browsing tag

Apache

New Critical RCE Vulnerability Discovered in Apache Struts 2 – Patch Now

Apache has released a security advisory warning of a critical security flaw in the Struts 2 open-source web application framework that could result in remote code execution. Tracked as CVE-2023-50164, the vulnerability is rooted in flawed “file upload logic” that could enable unauthorized path traversal and could be exploited under certain circumstances to upload […]

HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability

Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote code execution. “In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom the victim organizations,” cybersecurity firm Rapid7 disclosed in […]

Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities

Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers. “Attackers can bring the application into an unexpected state, which allows them to take over any user account, including the admin […]

High-Severity RCE Security Bug Reported in Apache Cassandra Database Software

Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution (RCE) on affected installations. “This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra,” […]

Hackers actively exploiting 0-day in Ubiquitous Apache Log4j tool

Apache has released Log4j version 2.15.0 to address the critical RCE vulnerability, and users are urged to apply the update immediately. The Apache Foundation’s Log4j is an open-source tool widely used by enterprise apps and cloud services. The bad news is that a security vulnerability has been identified in this tool, reported by Alibaba Cloud […]

Critical vulnerability in Apache allows privilege escalation to root

According to the experts from the International Institute of Cyber Security (IICS), the best ethical hacking institute, a critical privilege escalation vulnerability in the Apache HTTP server allows users with permission to log in and run scripts to gain root privileges on Unix systems; according to the company, the flaw was corrected in its latest update. The vulnerability […]

OVER 100 MILLION RECORDS OF BRAZILIAN TAXPAYERS BREACHED

The cause seems to be a poorly configured server. During the first quarter of 2018, experts from a cybersecurity and digital forensics firm discovered a misconfigured server exposed online containing 120 million ID numbers of Brazilian citizens. The company emphasizes that it has not been possible to establish for how long this information has been […]

Apache Struts & SonicWall’s GMS exploits key targets of Mirai & Gafgyt IoT malware

Security researchers at Palo Alto Networks’ Unit 42 have discovered modified versions of the notorious Mirai and Gafgyt Internet of Things (IoT) malware. These variants are capable of targeting flaws that affect Apache Struts and SonicWall Global Management System (GMS). Moreover, the Unit 42 researchers also discovered new versions of Mirai and Gafgyt (aka BASHLITE) […]

IBM fixes flaw that let hackers replace its serverless code with their own

This is the first publicly disclosed vulnerability in a serverless platform. Experts at IBM (the International Business Machines Corporation) have patched a critical vulnerability in its Cloud Functions which, if exploited, could allow remote malicious hackers to replace a company’s serverless code with their own. Once the changes took effect, hackers could have extracted sensitive customer data including […]

How to Detect Load Balancing (HTTP/DNS) on Websites – Load Balancing Detector and Kali Linux

In computing, load balancing improves the distribution of workloads across multiple computing resources, such as computers, a computer cluster, network links, central processing units, or disk drives. Load balancing differs from channel bonding in that load balancing divides traffic between network interfaces on a network socket (OSI model layer 4) basis, while channel bonding implies […]

Apache Solr bug is hit with cryptomining attack

Hackers hit over 1,400 Apache Solr servers at the end of February to install a cryptocurrency miner. According to information security training researcher Renato Marinho, the Apache Solr attackers are using the critical remote code execution vulnerability tagged as CVE-2017-12629. The Apache Software Foundation released a fix for this in October. Solr is a widely used Apache […]

JexBoss – JBoss (and other Java Deserialization Vulnerabilities) Verification and Exploitation Tool

JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server and other Java platforms, frameworks, applications, etc. Requirements: Python >= 2.7.x, urllib3, ipaddress. Installation on Linux/Mac: to install the latest version of JexBoss, please use the following commands: git clone https://github.com/joaomatosf/jexboss.git; cd jexboss; pip install -r requires.txt; python jexboss.py -h; python jexboss.py […]

ROC – Infineon RSA Vulnerability

This tool is related to ACM CCS 2017 conference paper #124, Return of the Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli. It enables you to test public RSA keys for the presence of the described vulnerability. Update: the paper describing the attack is already online (ACM version). Currently the tool supports the following […]

Critical remote code execution vulnerability in Apache

Security researchers from lgtm.com have discovered a major remote code execution security flaw (CVE-2017-9805) in Apache Struts, a popular open-source framework for developing web applications in the Java programming language, which supports REST, AJAX, and JSON. All versions of Struts since 2008 are vulnerable, and all web applications using the framework’s popular […]

Apache Struts2 Remote Code Execution Vulnerability S2-046

Apache Struts is a free and open-source framework used to build Java web applications. This is not the first remote code execution vulnerability discovered in Apache Struts. The Apache Struts2 project officially released a security bulletin pointing out that the Apache Struts2 Jakarta Multipart parser plug-in contains a remote code execution vulnerability, tracked as CVE-2017-5638. An […]