Posts
2465Following
555Followers
1264Heretek of Silent Signal
repeated
Not Simon 🐐
screaminggoat@infosec.exchange
Cisco multiple security advisories from 06 November 2024:
- CVE-2024-20418 (10.0 critical 🥳) Cisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul Access Point Command Injection Vulnerability
- CVE-2024-20536 (8.8 high) Cisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability
- CVE-2024-20484 (7.5 high) Cisco Enterprise Chat and Email Denial of Service Vulnerability
- CVE-2024-20445 (5.3 medium) Cisco 7800, 8800, and 9800 Series Phones Information Disclosure Vulnerability
- CVE-2024-20533 and CVE-2024-20534 (4.8 medium) Cisco 6800, 7800, 8800, and 9800 Series Phones with Multiplatform Firmware Stored Cross-Site Scripting Vulnerabilities
- Cisco Identity Services Engine Vulnerabilities
- CVE-2024-20476 (4.3 medium) Cisco ISE Authorization Bypass Vulnerability
- CVE-2024-20487 (4.3 medium) Cisco ISE Stored XSS Vulnerability
- Cisco Identity Services Engine Vulnerabilities
- CVE-2024-20525 and CVE-2024-20530 (6.1 medium) Cisco ISE Reflected Cross-Site Scripting Vulnerabilities
- CVE-2024-20527, CVE-2024-20529, and CVE-2024-20532 (5.5 medium) Cisco ISE Arbitrary File Read and Delete Vulnerabilities
- CVE-2024-20531 (5.5 medium) Cisco ISE XML External Entity Injection Vulnerability
- CVE-2024-20528 (3.8 low) Cisco ISE Path Traversal Vulnerability
- Cisco Identity Services Engine Authorization Bypass and Cross-Site Scripting Vulnerabilities
- CVE-2024-20537 (6.5 medium) Cisco ISE Authorization Bypass Vulnerability
- CVE-2024-20538 (6.1 medium) Cisco ISE Cross-Site Scripting Vulnerability
- CVE-2024-20539 (4.8 medium) Cisco ISE Stored Cross-Site Scripting Vulnerability
- CVE-2024-20457 (6.5 medium) Cisco Unified Communications Manager IM & Presence Service Information Disclosure Vulnerability
- CVE-2024-20504 (5.4 medium) Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Stored Cross-Site Scripting Vulnerability
- CVE-2024-20514 (5.4 medium) Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability
- CVE-2024-20511 (6.1 medium) Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
- CVE-2024-20507 (4.3 medium) Cisco Meeting Management Information Disclosure Vulnerability
- CVE-2024-20540 (5.4 medium) Cisco Unified Contact Center Management Portal Stored Cross-Site Scripting Vulnerability
- CVE-2024-20371 (5.3 medium) Cisco Nexus 3550-F Switches Access Control List Programming Vulnerability
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
1
1
0
repeated
_Veronica_
verovaleros@infosec.exchangeThe #BHASIA Call for Papers closes on November 13! This year I am on the review committee and I am so thrilled to be checking all the cool tools! Submit your proposal >> bit.ly/3TBThxZ
1
1
0
repeated
Symfony
symfony@bird.makeup
🔐 CVE-2024-50340: Ability to change environment from query
➡️ https://symfony.com/blog/cve-2024-50340-ability-to-change-environment-from-query
#symfony
0
2
0
repeated
Project Gutenberg
gutenberg_org@mastodon.social"The moment of discovery" does not always exist: the scientist's work is too tenuous, too divided, for the certainty of success to crackle out suddenly in the midst of his laborious toil like a stroke of lightening, dazzling him by its fire.
Marie Curie was born #OTD in 1867.
1
4
0
buherator
buheratorhttps://blog.sicuranext.com/breaking-down-multipart-parsers-validation-bypass/
0
0
0
buherator
buheratorhttps://www.sonarsource.com/blog/sanitize-client-side-why-server-side-html-sanitization-is-doomed-to-fail/
0
0
1
repeated
Matthew Burgess
matthewpburgess@digipres.clubToday is World Digital Preservation Day - time for my annual reminder that digitisation is not digital preservation. Whether a digital photograph is born-digital or a digitised copy of a physical object, it requires continued care to be made accessible over time. Digitisation needs digital preservation #WDPD2024
0
2
0
repeated
Mattias Wadman
wader@fosstodon.org> Euler’s work touched upon so many fields that he is often the earliest written reference on a given matter. In an effort to avoid naming everything after Euler, some discoveries and theorems are attributed to the first person to have proved them after Euler.
https://en.wikipedia.org/wiki/List_of_things_named_after_Leonhard_Euler
1
2
0
repeated
pancake 
pancake@infosec.exchange
In 2009, 3 years before starting with #radare2 I wrote an article for the #Phrack messing around with r1, still fun to read and see how command syntax didnt changed much in 15 years https://phrack.org/issues/66/14.html
1
2
0
buherator
buheratorhttps://blog.theori.io/finding-vulnerabilities-in-firmware-with-static-analysis-platform-queryx-ff9d02a3c349?source=rss-4b564abdafa3------2
0
0
1
repeated
AttackerKB
attackerkbTopic description: "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution ..."
"Note: This write up will focus on the impact that CVE-2024-34102 can have when combined with CVE-2024-2961 and how the two bugs can be used to achieve RCE ..."
Link: https://attackerkb.com/assessments/fd4b6425-8316-441d-bd58-b14f022873c9
0
1
0
repeated
Royce Williams
tychotithonus@infosec.exchangeMicrosoft could have kept WordPad and extended its functionality, instead of increasing the complexity (and attack surface) of Notepad.
Notepad being braindead -- including having no recovery / history -- was a feature.
5
4
0
buherator
buherator
0
0
1
repeated
So Cisco really did drop a CVSS 10 on the day after the US election? I WAS FUCKING JOKING, CISCO!
2
6
0
repeated