Posts
2520Following
646Followers
1461
buherator
buherator
RE: https://infosec.exchange/@josephcox/113551853623942786
1
1
3
buherator
buheratorShow content
1
1
6
repeated
/r/netsec
_r_netsec@infosec.exchangeNew PE Vulnerability in Windows OS! https://ssd-disclosure.com/ssd-advisory-ksthunk-sys-integer-overflow-pe/
0
1
0
repeated
bert hubert 🇺🇦🇪🇺🇺🇦
bert_hubert@fosstodon.orgEarlier post, but in recent talks I'm encountering more and more organizations that are losing their last technical people. You can outsource a lot, but most places have a core thing that they should really own. And once your own technical department is no longer viable, you are hosed. The longer story: https://berthub.eu/articles/posts/your-tech-my-tech/
1
2
0
repeated
✧✦Catherine✦✧
whitequark@mastodon.socialthesis: numbers stations are a form of microblogging
3
4
0
repeated
Insinuator
Insinuator@infosec.exchangeNew post: Vulnerability Disclosure: Command Injection in Kemp LoadMaster Load Balancer (CVE-2024-7591) https://insinuator.net/2024/11/vulnerability-disclosure-command-injection-in-kemp-loadmaster-load-balancer-cve-2024-7591/
0
2
0
buherator
buheratorSo much for "personalized experience"...
RE: https://infosec.place/objects/0fe974a7-6345-4ccc-a9a4-5dce0da786a9
0
0
2
repeated
The Meteoriks
meteoriks@icosahedron.websiteWhat, it's already this time of the year again?! Yes, 'tis the season of reviewing and selecting our top picks from around 3.000 #demoscene productions - and we would love to have you on the team as a juror! Sign up now:
https://2025.meteoriks.org/taking_part/juror/
0
2
0
buherator
buheratorhttps://blog.mantrainfosec.com/blog/16/hacking-barcodes-for-fun-profit
Old friend hacking Hungarian bottle recycling machines :) #DRS
0
1
0
buherator
buheratorhttps://srcincite.io/blog/2024/11/25/remote-code-execution-with-spring-properties.html
#frombsky
1
4
7
repeated
RE//verse
reverseconf@bird.makeup
CFP window ends this friday! We have ~50 submissions so far -- competitive but not so busy that a high quality talk can't rise to the top, make sure to get your submission in soon.
0
2
0
repeated
screaminggoat
screaminggoat@infosec.exchangeMicrosoft: "we had one #PatchTuesday yes, but what about second Patch Tuesday?"
- CVE-2024-49053 (7.6 high) Microsoft Dynamics 365 Sales Spoofing Vulnerability
- CVE-2024-49035 (8.7 high) Partner.Microsoft.Com Elevation of Privilege Vulnerability (EXPLOITATION DETECTED FLAG)
- CVE-2024-49038 (9.3 critical) Microsoft Copilot Studio Elevation Of Privilege Vulnerability
- CVE-2024-49052 (8.2 high) Microsoft Azure PolicyWatch Elevation of Privilege Vulnerability
Only CVE-2024-49053 has any substantial information in their FAQ section. CVE-2024-49035 is "not exploited" but "exploitation detected" 🤔 (analyst comment: likely a gaffe). The rest are Not Exploited, Not Publicly Disclosed, and Exploitation Less Likely.
#microsoft #vulnerability #CVE #infosec #cybersecurity #copilot #dynamics365 #azure
2
2
0
repeated
repeated
screaminggoat
screaminggoat@infosec.exchangeSplunk security advisories since apparently they missed #PatchTuesday and everyone wants to push to prod before Thanksgiving:
- SVD-2024-1101 Third-Party Package Updates in Python for Scientific Computing - November 2024 (1 CVE)
- SVD-2024-1102 Third-Party Package Updates in Splunk Machine Learning Toolkit - November 2024 (3 CVEs)
No mention of exploitation.
0
1
0
buherator
buheratorhttps://blog.amberwolf.com/blog/2024/november/introducing-nachovpn---one-vpn-server-to-pwn-them-all/
Interesting concept: rogue VPN server to compromise misconfigured clients
0
2
1
repeated
screaminggoat
screaminggoat@infosec.exchangeGitLab security advisory: GitLab Patch Release: 17.6.1, 17.5.3, 17.4.5
- CVE-2024-8114 (8.2 high) Privilege Escalation via LFS Tokens
- CVE-2024-8237 (6.5 medium) Denial of Service (DoS) through uncontrolled resource consumption when viewing a maliciously crafted cargo.toml file.
- CVE-2024-11669 (6.5 medium) Unintended Access to Usage Data via Scoped Tokens
- CVE-2024-8177 (5.3 medium) Gitlab DOS via Harbor registry integration
- CVE-2024-1947 (4.3 medium) Resource exhaustion and denial of service with test_report API calls
- CVE-2024-11668 (4.2 medium) Streaming endpoint did not invalidate tokens after revocation
No mention of exploitation.
0
1
0
repeated
XBOW found a path traversal vulnerability (CVE-2024-53844) in LabsAI's EDDI project that allows attackers to download any file on the server. XBOW combined a series of URL encodings and path normalization bypasses to trigger the flaw. Users of versions 4.3–5.3 should upgrade.
0
1
0
buherator
buheratorThe very popular blog engine #Jekyll does not generate a feed by default! You have to add the jekyll-feed plugin and reference the generated Atom XML in your template!
https://github.com/jekyll/jekyll-feed
0
0
2
repeated
screaminggoat
screaminggoat@infosec.exchangeVMware security advisory: VMSA-2024-0022: VMware Aria Operations updates address multiple vulnerabilities(CVE-2024-38830, CVE-2024-38831, CVE-2024-38832, CVE-2024-38833, CVE-2024-38834)
- CVE-2024-38830 (7.8 high) Local privilege escalation vulnerability
- CVE-2024-38831 (7.8 high) Local privilege escalation vulnerability
- CVE-2024-38832 (7.1 high) Stored cross-site scripting vulnerability
- CVE-2024-38833 (6.8 medium) Stored cross-site scripting vulnerability
- CVE-2024-38834 (6.5 medium) Stored cross-site scripting vulnerability
No mention of exploitation
#CVE_2024_38830 #vmware #vulnerability #CVE #infosec #cybersecurity #CVE_2024_38831 #CVE_2024_38832 #CVE_2024_38833 #CVE_2024_38834 #aria #AriaOperations
0
1
0