Aggregator

CVE-2024-21029 | Oracle Complex Maintenance, Repair, and Overhaul up to 12.2.13 LOV Remote Code Execution

Vuldb Updates
12 hours 37 minutes ago
A vulnerability has been found in Oracle Complex Maintenance, Repair, and Overhaul up to 12.2.13 and classified as critical. Affected by this vulnerability is an unknown functionality of the component LOV. The manipulation leads to Remote Code Execution. This vulnerability is known as CVE-2024-21029. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-21030 | Oracle Complex Maintenance, Repair, and Overhaul up to 12.2.13 LOV improper authentication

Vuldb Updates
12 hours 37 minutes ago
A vulnerability was found in Oracle Complex Maintenance, Repair, and Overhaul up to 12.2.13 and classified as critical. Affected by this issue is some unknown functionality of the component LOV. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2024-21030. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-21031 | Oracle Complex Maintenance, Repair, and Overhaul up to 12.2.13 LOV Remote Code Execution

Vuldb Updates
12 hours 37 minutes ago
A vulnerability was found in Oracle Complex Maintenance, Repair, and Overhaul up to 12.2.13. It has been classified as critical. This affects an unknown part of the component LOV. The manipulation leads to Remote Code Execution. This vulnerability is uniquely identified as CVE-2024-21031. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-21032 | Oracle Complex Maintenance, Repair, and Overhaul up to 12.2.13 LOV Remote Code Execution

Vuldb Updates
12 hours 37 minutes ago
A vulnerability was found in Oracle Complex Maintenance, Repair, and Overhaul up to 12.2.13. It has been declared as critical. This vulnerability affects unknown code of the component LOV. The manipulation leads to Remote Code Execution. This vulnerability was named CVE-2024-21032. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

BSidesLV24 – HireGround – Tracking And Hacking Your Career

Security Boulevard
12 hours 41 minutes ago

Authors/Presenters: Misha Yalavarthy, Leif Dreizler

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – HireGround – Tracking And Hacking Your Career appeared first on Security Boulevard.

Marc Handelman

Weekly Update 446

Troy Hunt
12 hours 51 minutes ago

After an unusually long day of travelling from Iceland, we've finally made it to the land of Guinness, Leprechauns, and a tax haven for tech companies. This week, there are a few more lessons from the successful phish against me the previous week, and in happier news, there

Troy Hunt

记某众测Fastjson<=1.2.68反序列化RCE过程

先知技术社区
12 hours 52 minutes ago
在某次众测过程中使用搜索引擎找到某单位部署的旁站,通过前端JS信息分析找到一处ssrf漏洞。在ssrf测试时根据提示信息得到服务端接收的数据格式为json格式,再通过构造json报错语句时服务端报错回显了fastjson版本号为1.2.58,然后寻找Fastjson 1.2.58利用链,最后RCE。

IOT渗透测试:从信息收集到msf,ExploitDB攻击渗透思路实录分享

先知技术社区
13 hours 1 minute ago
本文带您走进渗透测试的真实世界,从内网信息收集到目标发现,再到Web服务安全评估以及非Web端口漏洞利用,文章全面揭示了整个攻击流程的各个环节。文章首先介绍如何利用arp-scan、arping、netdiscover、nmap和fping等工具扫描局域网内的主机,精确获取目标的IP和MAC信息,为后续攻击奠定基础。随后,通过masscan和nmap的全端口与详细版本扫描,文章讲述了不同扫描方式的

某开源网盘程序漏洞分析

先知技术社区
13 hours 5 minutes ago
PicHome是一款功能强大的开源网盘程序,它不仅能高效管理各类文件,还在图像和媒体文件管理方面表现出色。其亮点包括强大的文件共享功能和先进的AI辅助管理工具,为用户提供了便捷、智能的文件管理体验。

Managed ad