Mix - Cybernoz - Page 377

When Static Is Not Actually Static – Assetnote

Over the last ten years, we have seen the industrialization of the content management space. A decade ago, it felt like every individual and business…

March 21, 2023 Cybernoz 9 min read

Mix

Apache Tomcat RCE if readonly set to false (CVE-2017-12617)

The Vulnerability The Apache Tomcat team announced today that all Tomcat versions before 9.0.1 (Beta), 8.5.23, 8.0.47 and 7.0.82 contain a potentially dangerous remote code…

March 21, 2023 Cybernoz 3 min read

Mix

Exploiting SSL Vulnerabilities in Mobile Apps – allysonomalley.com

This post is an overview of a mobile app MitM vulnerability I’ve found several times in the real world. I’ll explain how an attacker can…

March 21, 2023 Cybernoz 8 min read

Mix

Access to remapped root allows privilege escalation to real root · Advisory · moby/moby · GitHub

Impact When using --userns-remap, if the root user in the remapped namespace has access to the host filesystem they can modify files under /var/lib/docker/ that…

March 20, 2023 Cybernoz 1 min read

Mix

Compromising an unreachable Solr server with CVE-2013-6397

Compromising an unreachable Solr server with CVE-2013-6397 I recently did a pentest where I compromised a Solr server located several layers deep in a network.…

March 20, 2023 Cybernoz 7 min read

Mix

VMware NSX Manager Vulnerabilities being actively exploited

The Wallarm Detect team has found exploit attempts in the wild of CVE-2022-31678 and CVE-2021-39144. The original vulnerabilities were found in VMware NSX Manager at…

March 20, 2023 Cybernoz 2 min read