[webapps] WordPress Plugin Blue Admin 21.06.01 – Cross-Site Request Forgery (CSRF)
TCQ – ITeCProteccioAppServer.exe – Unquoted Service Path
ImpressCMS v1.4.4 – Unrestricted File Upload
WordPress Plugin stafflist 3.1.2 – SQLi (Authenticated)
Bitrix24 – Remote Code Execution (RCE) (Authenticated)
Description of the vulnerability: https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html
Construction of the POC: https://github.com/BobTheShoplifter/Spring4Shell-POC
Steps to Build/Run: Tested with JDK 11.0.14, Spring Boot 2….
On April 26th, we identified a suspicious email that targeted a government official from Jordan’s foreign ministry. The email contained a malicious Excel document that drops a new backdoor named Saitama. Following our investigation, we were able to attribute this attack to the known Iranian Actor APT34. Also known as OilRig/COBALT GYPSY/IRN2/HELIX KITTEN, APT34 is…
The post APT34 targets Jordan Government using new Saitama backdoor appeared first on Malwarebytes Labs.
As the title implies, I would like to design a secure file storage/sharing platform. This is an abstract design question, so details regarding programming languages or platforms are not particularly relevant, unless they represent the only …