GameOver(lay) encompasses two significant vulnerabilities within the Ubuntu kernel, CVE-2023-2640 and CVE-2023-32629, each carrying a high-severity rating with a CVSS score of 7.8. These vulnerabilities pose a critical threat, potentially affecting around 40% of Ubuntu users. The vulnerability lies within the OverlayFS module of the Ubuntu kernel, enabling a
CVE-2023-22518 is a critical vulnerability in Atlassian Confluence Data Center and Server. The vulnerability could potentially allow unauthenticated attackers with network access to the Confluence instance to restore the database of the Confluence instance and eventually execute arbitrary system commands. Technical Details: After performing a patch diff between the patched
Description: CVE-2023-46747 is a critical vulnerability in the F5 BIG-IP Configuration Utility identified as a request smuggling bug within the Apache JServ Protocol (AJP). The flaw could potentially allow unauthenticated attackers with network access to the BIG-IP system through the management port and/or self-IP addresses to execute arbitrary system
For the latest updates on CVE-2023-29300 / CVE-2023-38203 / CVE-2023-38204, see the updates section. Introduction: Adobe ColdFusion, widely recognized for its robust web development capabilities, recently released a critical security update. The update specifically targeted three security issues, among them CVE-2023-29300, a highly concerning pre-authentication Remote Code Execution (RCE) vulnerability. This
Introduction: At ProjectDiscovery, our focus is on enhancing our open-source solution, Nuclei, by incorporating templates for trending CVEs. Our collaborative efforts involve constant additions of templates by the open-source community and the internal template and research team to stay updated on emerging exploits. One such notable case involves MOVEit Transfer, a widely
Introduction: While testing request pipelining on multiple programming language built-in servers, we observed strange behavior with PHP’s. As we delved deeper, we discovered a security bug in PHP that could expose the source code of PHP files as if they were static files rather than executing them as intended.
Introduction: As seen in Part 1: Abusing Reverse Proxies: Metadata, open proxies can allow an attacker to access cloud metadata API services. However, even without metadata services available, open proxies can be a boon for an attacker. A primer on open proxy types:
* Forward: typical use case is allowing private
Introduction: Many cloud service providers offer a "metadata" service on their virtual machines. These services offer sensitive details about the instance and cloud operating environment. Metadata services offer REST APIs to programmatically retrieve this data. Amazon’s AWS service defined the IMDSv1 “standard” on their EC2 instances, and since then