Posts
2528Following
648Followers
1465
repeated
kcarruthers
kcarruthers@mastodon.socialHIV breakthrough: drug trial shows injection twice a year is 100% effective against infection
http://theconversation.com/hiv-breakthrough-drug-trial-shows-injection-twice-a-year-is-100-effective-against-infection-233295
1
4
0
repeated
screaminggoat
screaminggoat@infosec.exchange@cR0w I found it. I found the vulnerability details: https://www.horizon3.ai/attack-research/disclosures/fortiwlm-the-almost-story-for-the-forti-forty
Unauthenticated Limited Log File Read – Allows retrieval of arbitrary log files which contain administrator session ID tokens
"CVE-2024-???? (0-day): Fortinet FortiWLM Unauthenticated Limited File Read Vulnerability"
This vulnerability allows remote, unauthenticated attackers to access and abuse builtin functionality meant to read specific log files on the system via a crafted request to the /ems/cgi-bin/ezrf_lighttpd.cgi endpoint. This issue results from the lack of input validation on request parameters allowing an attacker to traverse directories and read any log file on the system.
0
3
0
repeated
Alexandre Dulaunoy
adulau@infosec.exchangeIf you are wondering about the unpublished CVE-2024-49848... there is a PoC.
🔗 https://vulnerability.circl.lu/comment/23fd524b-475e-4b9f-8dc2-7b67f4cec409
0
4
0
buherator
buherator
1
0
4
buherator
buheratorhttps://www.bloomberg.com/news/articles/2024-12-18/us-probes-china-founded-router-maker-on-national-security-fears
TP-Link about join the club of Huawei&Kaspersky
#frombsky
1
1
1
repeated
Craig Grannell
craiggrannell@mastodon.socialUK: “It’s still illegal to rip a CD you legally own to MP3!”
Also UK: “Hey, let’s exempt those AI guys from copyright law!”
FFS.
https://www.gov.uk/government/consultations/copyright-and-artificial-intelligence
6
12
0
repeated
Open Web Docs
openwebdocs@front-end.socialLearn about XSS for XMAS!
We created a new MDN page about Cross-site scripting: https://developer.mozilla.org/en-US/docs/Web/Security/Attacks/XSS
0
2
0
repeated
cpresser
cccpresser@chaos.socialHere is another #NameThatWare challenge. This time I am quite sure that no text or marking needs to be blurred.
Do you know what this thing is? Can you name the exact part number or product name?
As always, explain your guess/deduction and hide it behind a CW to not spoil others.
3
1
0
buherator
buherator
0
0
2
buherator
buheratorhttps://www.youtube.com/watch?v=0f_TbyIIPnc
#hardstyle
1
0
1
repeated
✧✦Catherine✦✧
whitequark@mastodon.socialgame i would like to play: Factorio but you *only* do compliance paperwork
4
1
1
repeated
HalvarFlake
HalvarFlake@mastodon.socialI am mildly amused that OpenAI telemetry rollout led to a classical Kubernetes control plane DoS.
In my experience DDoSing your own control plane is the #1 way people generate large failures in K8s. What are others?
1
2
0
buherator
buheratorhttps://blog.wpsec.com/the-full-story-of-cve-2024-6386-remote-code-execution-in-wpml/
0
0
0
repeated
Frederik Braun �
freddy@security.plumbingHey y'all,
the https://madweb.work/ Program Committee was just announced (featuring yours truly).
Please remember to submit your papers about web security by January 9th 2025. We are interested in research at the junction of web & browser security. More on the website :)
0
3
0
buherator
buheratorhttps://binary.ninja/2024/12/16/flareon-ttd.html
0
1
2
buherator
buheratorhttps://outurnate.com/authentication-bypass-vulnerability-in-philips-intellispace-cardiovascular
0
0
1
buherator
buheratorhttps://x41-dsec.de/security/research/job/news/2024/12/16/backstage-review-2024/
CVE-2024-45815 CVE-2024-45816 CVE-2024-46976
0
0
1
repeated
Tim (Wadhwa-)Brown 
timb_machine@infosec.exchange
1
5
0