Chained Vulnerabilities Exploited in Ivanti Cloud Service Appliances
Threat actors chained Ivanti CSA vulnerabilities for RCE, credential theft & webshell deployment
Aggregator
Akira
1 year 3 months ago
cohenido
Akira
1 year 3 months ago
cohenido
RansomHub
1 year 3 months ago
cohenido
5 - CVE-2025-22146
1 year 3 months ago
Currently trending CVE - hypeScore: 1 - Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user accou
CVE-2023-32979 | Email Extension Plugin up to 2.96 on Jenkins permission
1 year 3 months ago
A vulnerability, which was classified as problematic, was found in Email Extension Plugin up to 2.96 on Jenkins. Affected is an unknown function. The manipulation leads to permission issues.
This vulnerability is traded as CVE-2023-32979. The attack needs to be initiated within the local network. There is no exploit available.
vuldb.com
CVE-2023-32977 | Pipeline Job Plugin up to 1292.v27d8cc3e2602 on Jenkins Display Name cross site scripting
1 year 3 months ago
A vulnerability, which was classified as problematic, has been found in Pipeline Job Plugin up to 1292.v27d8cc3e2602 on Jenkins. Affected by this issue is some unknown functionality of the component Display Name Handler. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2023-32977. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2023-32978 | LDAP Plugin up to 673.v034ec70ec2b_b_ on Jenkins cross-site request forgery
1 year 3 months ago
A vulnerability, which was classified as problematic, was found in LDAP Plugin up to 673.v034ec70ec2b_b_ on Jenkins. This affects an unknown part. The manipulation leads to cross-site request forgery.
This vulnerability is uniquely identified as CVE-2023-32978. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2023-32987 | Reverse Proxy Auth Plugin up to 1.7.4 on Jenkins cross-site request forgery
1 year 3 months ago
A vulnerability was found in Reverse Proxy Auth Plugin up to 1.7.4 on Jenkins and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery.
The identification of this vulnerability is CVE-2023-32987. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2023-32980 | Email Extension Plugin up to 2.96 on Jenkins cross-site request forgery
1 year 3 months ago
A vulnerability was found in Email Extension Plugin up to 2.96 on Jenkins. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery.
This vulnerability is known as CVE-2023-32980. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2023-32994 | SAML Single Sign On Plugin up to 2.1.0 on Jenkins channel accessible
1 year 3 months ago
A vulnerability has been found in SAML Single Sign On Plugin up to 2.1.0 on Jenkins and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to channel accessible by non-endpoint.
This vulnerability is known as CVE-2023-32994. Access to the local network is required for this attack to succeed. There is no exploit available.
vuldb.com
CVE-2023-32999 | AppSpider Plugin up to 1.0.15 on Jenkins permission
1 year 3 months ago
A vulnerability was found in AppSpider Plugin up to 1.0.15 on Jenkins. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to permission issues.
This vulnerability was named CVE-2023-32999. The attack can only be initiated within the local network. There is no exploit available.
vuldb.com
CVE-2023-32997 | CAS Plugin up to 1.6.2 on Jenkins session expiration
1 year 3 months ago
A vulnerability classified as problematic was found in CAS Plugin up to 1.6.2 on Jenkins. This vulnerability affects unknown code. The manipulation leads to session expiration.
This vulnerability was named CVE-2023-32997. The attack needs to be approached within the local network. There is no exploit available.
vuldb.com
CVE-2023-32998 | AppSpider Plugin up to 1.0.15 on Jenkins HTTP POST Request cross-site request forgery
1 year 3 months ago
A vulnerability, which was classified as problematic, was found in AppSpider Plugin up to 1.0.15 on Jenkins. Affected is an unknown function of the component HTTP POST Request Handler. The manipulation leads to cross-site request forgery.
This vulnerability is traded as CVE-2023-32998. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
An Overview of Cyber Risk Modeling | Kovrr
1 year 3 months ago
TL;DR Cyber risk modeling allows organizations to identify, simulate, and sub
An Overview of Cyber Risk Modeling | Kovrr
1 year 3 months ago
Articles related to cyber risk quantification, cyber risk management, and cyber resilience.
The post An Overview of Cyber Risk Modeling | Kovrr appeared first on Security Boulevard.
Cyber Risk Quantification
Re
1 year 3 months ago
The J-Magic Show: Magic Packets and Where to Find Them | by @lumentechco - Backdoor targeting #Juniper routers listens for a hidden "magic packet" to ...
1 year 3 months ago
ETW Threat Intelligence and Hardware Breakpoints
1 year 3 months ago
Modern Endpoint Detection and Response (EDR) solutions rely heavily on Windows’ Event Tracing fo
ETW Threat Intelligence and Hardware Breakpoints
1 year 3 months ago
Learn to bypass EDR detection using NtContinue for hardware breakpoints without triggering ETW Threat Intelligence. This technical blog explores kernel debugging, debug registers, and EDR evasion with code examples.
The post ETW Threat Intelligence and Hardware Breakpoints appeared first on Praetorian.
The post ETW Threat Intelligence and Hardware Breakpoints appeared first on Security Boulevard.
Harry Hayward