Aggregator

A vulnerability, which was classified as critical, has been found in Ivanti Connect Secure up to 22.7R2.2. This issue affects some unknown processing. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2024-37400. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Ivanti EPM up to 2022 SU5/2024 and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. This vulnerability was named CVE-2024-34787. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in WSO2 Identity Server up to 5.4.x and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Dashboard. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2018-8716. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

CVE-2024-4577 RCE Exploit; PHP CGI Argument Injection

Authors/Presenters: Ron Ben-Yizhak, David Shandalov

Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – Manipulating Shim And Office For Code Injection appeared first on Security Boulevard.