Last year we conducted an in-depth analysis of multiple vulnerabilities within Adobe ColdFusion and derived valuable insights, one of which revolved around CFM and CFC handling, parsing and execution. We wondered if there are any other CFML Servers. Does this ring a bell? Allow us to introduce Lucee. We'
Summary of Releases v9.7.3, v9.7.4, and v9.7.5 This month, we've released multiple versions of Nuclei Templates that bring numerous enhancements to Nuclei users. Here are some highlighted stats from the combined releases: 🎉 157 new Templates added 🚀 20 first-time contributions 🔥 36 new CVEs
CVE-2023-22527 is a critical vulnerability within Atlassian's Confluence Server and Data Center. This vulnerability has the potential to permit unauthenticated attackers to inject OGNL expressions into the Confluence instance, thereby enabling the execution of arbitrary code and system commands. Technical Details Initial Analysis The CVE description provided by
CVE-2023-43177 is a critical vulnerability in CrushFTP. The vulnerability could potentially allow unauthenticated attackers with network access to the CrushFTP instance to write files to the local file system and, in some versions, eventually execute arbitrary system commands. Technical Details Based on the information shared in
Summary of Releases v9.6.9 and v9.7.0 🎉 124 new Templates added 🚀 14 first-time contributions 🔥 31 new CVEs added Introduction This month, we've seen several high-profile CVEs impacting various technologies. Key among them is CVE-2023-46604, a significant vulnerability in Apache ActiveMQ, notable for its potential for
GameOver(lay) encompasses two significant vulnerabilities within the Ubuntu kernel, CVE-2023-2640, and CVE-2023-32629, each carrying a high-severity rating with CVSS scores of 7.8. These vulnerabilities pose a critical threat, potentially affecting around 40% of Ubuntu users. The vulnerability lies within the OverlayFS module of the Ubuntu kernel, enabling a
CVE-2023-22518 is a critical vulnerability in Atlassian Confluence Data Center and Server. The vulnerability could potentially allow unauthenticated attackers with network access to the Confluence Instance to restore the database of the Confluence instance and eventually execute arbitrary system commands. Technical Details After performing a patch diff between the patched
Description: CVE-2023-46747 is a critical vulnerability in the F5 BIG-IP Configuration Utility identified as a request smuggling bug within the Apache JServ Protocol (AJP). The flaw could potentially allow unauthenticated attackers with network access to the BIG-IP system through the management port and/or self-IP addresses to execute arbitrary system
Summary of Releases v9.6.5, v9.6.6, v9.6.7 and v9.6.8 This month, we've released multiple versions of Nuclei Templates that bring numerous enhancements to Nuclei users. Here are some highlighted stats from the combined releases: 🎉 316 New Templates added 🚀 14 First-time contributions