FreshRSS

๐Ÿ”’
โŒ Secure Planet Training Courses Updated For 2019 - Click Here
There are new available articles, click to refresh the page.
โ˜ โ˜† โœ‡ The Hacker News

Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation

By: Newsroom โ€” February 6th 2024 at 06:58
A recently disclosed server-side request forgery (SSRF) vulnerability impacting Ivanti Connect Secure and Policy Secure products has come under mass exploitation. The Shadowserver Foundation said it observed exploitation attempts originating from more than 170 unique IP addresses that aim to establish a reverse shell, among others. The attacks exploit CVE-2024-21893 (CVSS
โ˜ โ˜† โœ‡ The Hacker News

Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack

By: Newsroom โ€” December 27th 2023 at 15:39
A new zero-day security flaw has been discovered in Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections. The vulnerability, tracked as CVE-2023-51467, resides in the login functionality and is the result of an incomplete patch for another critical vulnerability (CVE-2023-49070, CVSS score: 9.8) that was released
โŒ