
Welcome to the TheCyberThrone cybersecurity month in review, covering the important security happenings of the period. This review is for the month ending June 2024.
Subscribers favorite #1
PoC Exploit released for SolarWinds Serv-U flaw CVE-2024-28995
SolarWinds recently released a patch for a newly discovered path-traversal vulnerability in Serv-U, tracked as CVE-2024-28995. The vulnerability affects SolarWinds Serv-U versions 15.4.2 HF 1 and earlier; versions 15.4.2 HF 2 and later contain the fix. A working proof-of-concept exploit for the vulnerability has now been released publicly.
CVE-2024-28995 is a path-traversal vulnerability that allows unauthenticated attackers to read arbitrary files from the server's filesystem. It can be triggered with a single GET request to the root directory (/), with the InternalDir and InternalFile parameters naming the target folder and file respectively. The flaw stems from inadequate validation of path-traversal segments (../) in those parameters, which lets an attacker step outside the intended directory and bypass the server's access checks……
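How a check of that kind goes wrong, as an added example written for this review (Python; it is not Serv-U's code). The web root, the request lines and the "strip ../" filter are constructed to illustrate the advisory's description: a blacklist filter that removes `../` is defeated by doubled segments and by backslashes, while canonicalising the joined path and enforcing the web-root prefix is not.

```python
"""Added example, not Serv-U code: resolving ?InternalDir=...&InternalFile=...
against a web root with a blacklist filter versus a canonicalise-and-check
resolver. Web root and request lines are constructed for the example."""
import posixpath
from typing import Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

WEB_ROOT = "/srv/servu/Client/Common"   # hypothetical web root


def naive_resolve(internal_dir: str, internal_file: str) -> str:
    """Blacklist filter: strip '../' once and trust whatever is left.
    This is the kind of validation the advisory calls inadequate."""
    cleaned = internal_dir.replace("../", "")
    joined = posixpath.join(WEB_ROOT, cleaned.lstrip("/"), internal_file)
    return posixpath.normpath(joined)


def safe_resolve(internal_dir: str, internal_file: str) -> Optional[str]:
    """Canonicalise, then require the result to stay under WEB_ROOT.
    Returns None for anything that escapes (or for the root itself)."""
    # A Windows host treats '\' as a separator, so the check must as well;
    # the extra unquote catches double-encoded sequences such as %252e%252e.
    rel = unquote(f"{internal_dir}/{internal_file}").replace("\\", "/")
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, rel.lstrip("/")))
    if candidate == WEB_ROOT or not candidate.startswith(WEB_ROOT + "/"):
        return None
    return candidate


def params_from_request_line(line: str) -> Optional[Tuple[str, str]]:
    """Pull InternalDir/InternalFile out of a raw 'GET /?... HTTP/1.1' line."""
    try:
        _method, target, _version = line.split(" ", 2)
    except ValueError:
        return None
    qs = parse_qs(urlsplit(target).query)
    if "InternalDir" not in qs or "InternalFile" not in qs:
        return None
    return qs["InternalDir"][0], qs["InternalFile"][0]


def triage(line: str) -> dict:
    """For one request, what each resolver would hand to the filesystem."""
    params = params_from_request_line(line)
    if params is None:
        return {"request": line, "skipped": True}
    d, f = params
    return {"request": line,
            "naive_path": naive_resolve(d, f),
            "safe_path": safe_resolve(d, f)}


# Constructed request lines, modelled on the parameter shape in the advisory.
SAMPLE_REQUESTS = [
    "GET /?InternalDir=/images&InternalFile=logo.png HTTP/1.1",
    "GET /?InternalDir=/../../../../etc&InternalFile=passwd HTTP/1.1",
    "GET /?InternalDir=/....//....//....//....//etc&InternalFile=passwd HTTP/1.1",
    "GET /?InternalDir=%5C..%5C..%5C..%5C..%5Cwindows&InternalFile=win.ini HTTP/1.1",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(triage(req))
```

The third request is the one to watch: a single pass of `replace("../", "")` turns `....//` into `../`, so the naive resolver ends up at `/etc/passwd`, and the fourth shows that a filter looking only for forward slashes never touches `..\` at all. The prefix check rejects both because it looks at where the path ends up, not at what it contains.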
Subscribers favorite #2
SolarWinds Patches Several Vulnerabilities June 2024
SolarWinds has patched several high-severity vulnerabilities in Serv-U and the SolarWinds Platform. The Platform vulnerabilities affect version 2024.1 SR 1 and earlier.
The first vulnerability, tracked as CVE-2024-28996 with a CVSS score of 7.5, is an injection flaw in SWQL, the read-only subset of SQL that lets users query the SolarWinds database for network information. SolarWinds also addressed multiple vulnerabilities in third-party components. Two further flaws, tracked as CVE-2024-28999 and CVE-2024-29004, are a race condition issue and a stored XSS bug in the web console respectively……
Subscribers favorite #3
Apache Wicket Fixes Critical Vulnerability CVE-2024-36522
The Apache Wicket Project Management Committee (PMC) has released security updates to address a critical remote code execution vulnerability stemming from an XSLT injection weakness, which could enable malicious actors to execute arbitrary code on affected systems.
The vulnerability, tracked as CVE-2024-36522, could allow attackers to gain control over vulnerable web applications and potentially compromise sensitive data. By injecting a malicious XSLT stylesheet, an attacker could abuse the framework's XSLT processing to execute commands on the server side…..
Subscribers favorite #4
GitLab Addresses Several Vulnerabilities - June 2024
GitLab has released critical updates for both its Community Edition (CE) and Enterprise Edition (EE). The new versions, 17.1.1, 17.0.3 and 16.11.5, contain important security and bug fixes, and GitLab urges all users to upgrade immediately to protect their installations from potential exploitation.
More than a dozen fixes are included, addressing critical and lower-severity vulnerabilities in GitLab CE and EE…..
Subscribers favorite #5
Critical RCE Flaw in PHP, Patch It Now – CVE-2024-4577
Researchers from the firm DEVCORE have discovered a critical remote code execution vulnerability in PHP. The vulnerability could allow unauthenticated attackers to take full control of affected PHP servers.
The vulnerability is tracked as CVE-2024-4577. The issue lies in PHP's handling, when running in CGI mode on Windows, of the Windows "Best-Fit" character-encoding conversion: PHP's CGI implementation overlooked that certain non-ASCII characters are mapped to ASCII look-alikes during that conversion. This allows attackers to bypass the protection added for a previous vulnerability, CVE-2012-1823, using specific character sequences. As a result, arbitrary code can be executed on remote PHP servers via an argument injection attack, giving unauthorized access and control……
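A log-side detector for that request shape, as an added example written for this review (Python; it is not PHP's code or DEVCORE's proof of concept). It rebuilds the argv that php-cgi derives from a query string containing no literal `=`, applies the one best-fit mapping the exploit relies on (the 0xAD soft hyphen collapsing to an ASCII `-`), and flags requests that end up injecting php-cgi options. The log lines are constructed, and the detector also separates the classic CVE-2012-1823 form (a literal dash) from the 2024 bypass (a dash that only appears after best-fit).

```python
"""Added example, not PHP's own code: flag the CVE-2024-4577 argument
injection in web-server logs by reproducing how php-cgi sees the query
string after Windows best-fit conversion. Log lines are constructed."""
import re
from typing import Dict, List, Optional
from urllib.parse import unquote_to_bytes

# The best-fit collapse the exploit relies on: 0xAD (soft hyphen) becomes
# 0x2D '-'. Only this mapping is modelled here; Windows has many more.
BEST_FIT = {0xAD: 0x2D}

# Request field of a combined-format log line, e.g. "POST /x.php?a+b HTTP/1.1"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def cgi_argv(raw_query: str) -> Optional[List[bytes]]:
    """argv as the CGI spec derives it: only when the query string has no
    literal '=', split on '+', then percent-decode each piece."""
    if raw_query == "" or "=" in raw_query:
        return None
    return [unquote_to_bytes(part) for part in raw_query.split("+")]


def apply_best_fit(arg: bytes) -> bytes:
    """What the argument looks like after the Windows conversion step."""
    return bytes(BEST_FIT.get(b, b) for b in arg)


def classify_target(request_target: str) -> Optional[str]:
    """None for benign requests; otherwise which bypass the request uses."""
    _path, _, query = request_target.partition("?")
    argv = cgi_argv(query)
    if argv is None:
        return None
    mapped = [apply_best_fit(a) for a in argv]
    if not any(a.startswith(b"-") for a in mapped):
        return None
    if any(0xAD in a for a in argv):
        return "CVE-2024-4577"   # the dash only exists after best-fit
    return "CVE-2012-1823"       # literal dash, which the 2012 fix rejects


def injected_directives(request_target: str) -> List[str]:
    """php.ini overrides handed to php-cgi's -d option, after best-fit."""
    _path, _, query = request_target.partition("?")
    mapped = [apply_best_fit(a) for a in cgi_argv(query) or []]
    return [mapped[i + 1].decode("latin-1")
            for i, a in enumerate(mapped[:-1]) if a == b"-d"]


def scan_log(lines: List[str]) -> List[Dict[str, object]]:
    """Return one hit per suspicious request, with the injected directives."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        verdict = classify_target(m.group("target"))
        if verdict:
            hits.append({"line": line, "verdict": verdict,
                         "directives": injected_directives(m.group("target"))})
    return hits


# Constructed combined-format log lines for the example.
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Jun/2024:10:00:01 +0000] "GET /index.php?page=home HTTP/1.1" 200 1024',
    '203.0.113.5 - - [07/Jun/2024:10:00:02 +0000] "POST /php-cgi/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 200 512',
    '203.0.113.9 - - [07/Jun/2024:10:00:03 +0000] "POST /index.php?-d+allow_url_include%3d1 HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["verdict"], hit["directives"])
```

The second log line is the 2024 pattern: `%3d` keeps the literal `=` out of the query string so php-cgi treats it as argv, and `%ADd` is what becomes `-d` only after best-fit, which is why a filter that looks for a leading `-` before conversion never sees it. A detector that matches `%AD` alone would also fire on legitimate soft hyphens, so the check here requires both the argv shape and a post-conversion option.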
That brings this month's security review to a close. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter and Instagram.


