Security
Headlines
HeadlinesLatestCVEs

Tag

#apache

Exploit Attempts Underway for Apache Commons Text4Shell Vulnerability

The good news: The Apache Commons Text library bug is far less likely to lead to exploitation than last year's Log4j library flaw.

DARKReading
Open in Source
#vulnerability#apache#log4j
Hackers Started Exploiting Critical "Text4Shell" Apache Commons Text Vulnerability

WordPress security company Wordfence on Thursday said it started detecting exploitation attempts targeting the newly disclosed flaw in Apache Commons Text on October 18, 2022. The vulnerability, tracked as CVE-2022-42889 aka Text4Shell, has been assigned a severity ranking of 9.8 out of a possible 10.0 on the CVSS scale and affects versions 1.5 through 1.9 of the library. It's also similar to

Failed Cobalt Strike fix with buried RCE exploit now patched

The fix was developed at a running pace as Cobalt Strike is essential to Red Team operations

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

Third-party application patching: Everything you need to know for your business

Categories: Business In this post, we cover the importance of third-party application patching and the challenges it can solve for your organization. (Read more...) The post Third-party application patching: Everything you need to know for your business appeared first on Malwarebytes Labs.

CVE-2022-42201: Simple Exam Reviewer Management System in PHP/OOP Free Source Code

Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload.

Why Log4Text is not another Log4Shell

Categories: Exploits and vulnerabilities Categories: News Tags: Log4Text Tags: Apache Tags: Commons Text Tags: CVE-2022-42889 Tags: Log4j Tags: Log4Shell Tags: interpolators Log4Text is a recently found vulnerability in Apache Commons. Log4Text provoked a knee jerk reaction because it reminds us of Log4Shell. So should we worry? (Read more...) The post Why Log4Text is not another Log4Shell appeared first on Malwarebytes Labs.

CVE-2013-4253: openshift-extras/README.md at enterprise-2.0 · openshift/openshift-extras

The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file.

Apache Commons Vulnerability: Patch but Don't Panic

Experts say CVE-2022-42899 is a serious vulnerability, but widespread exploitation is unlikely because of the specific conditions that need to exist for it to happen.