-
CVE-2024-41765 – IBM Engineering Lifecycle Optimization File Traversal Vulnerability
CVE ID: CVE-2024-41765. Published: Jan. 4, 2025, 3:15 p.m. Description: IBM Engineering Lifecycle Optimization – Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files…
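The mechanism in that description, as an added example that is not the advisory's or IBM's code: a naive file handler that trusts the decoded URL path and can be walked out of its document root with `/../` (or its percent-encoded form), beside a hardened handler that canonicalises the path and checks containment. The directory layout, file names and function names are constructed for the demo.

```python
"""Added example, not from the IBM advisory: a naive file handler that can be
walked out of its document root with '/../', beside a hardened one that
canonicalises the path and checks containment. Paths and names are illustrative."""
import os
import tempfile
from urllib.parse import unquote


def build_docroot() -> str:
    """Constructed sample tree: <tmp>/webroot/index.html is public,
    <tmp>/etc/secret.conf sits beside the root and must never be served."""
    top = tempfile.mkdtemp(prefix="traversal-demo-")
    docroot = os.path.join(top, "webroot")
    os.makedirs(docroot)
    with open(os.path.join(docroot, "index.html"), "w") as fh:
        fh.write("public page")
    os.makedirs(os.path.join(top, "etc"))
    with open(os.path.join(top, "etc", "secret.conf"), "w") as fh:
        fh.write("db_password=hunter2")
    return docroot


def serve_naive(docroot: str, request_path: str) -> str:
    """Vulnerable: decodes the URL path and joins it under the root.
    os.path.join does not collapse '..', so '/../etc/secret.conf' escapes."""
    rel = unquote(request_path).lstrip("/")
    with open(os.path.join(docroot, rel)) as fh:
        return fh.read()


def resolve_inside(docroot: str, request_path: str):
    """Canonicalise root and target (symlinks and '..' resolved) and return the
    target only if it is still inside the root; None otherwise."""
    root = os.path.realpath(docroot)
    rel = unquote(request_path).lstrip("/")
    target = os.path.realpath(os.path.join(root, rel))
    # commonpath is the containment test; a bare startswith(root) would also
    # accept a sibling directory such as '<tmp>/webroot2'
    if os.path.commonpath([root, target]) != root:
        return None
    return target


def serve_hardened(docroot: str, request_path: str) -> str:
    """Hardened: refuse any request whose canonical target leaves the root."""
    target = resolve_inside(docroot, request_path)
    if target is None:
        raise PermissionError(f"refused: {request_path!r} resolves outside the document root")
    with open(target) as fh:
        return fh.read()


if __name__ == "__main__":
    root = build_docroot()
    print(serve_naive(root, "/../etc/secret.conf"))          # leaks the secret
    print(resolve_inside(root, "/%2e%2e/etc/secret.conf"))   # None: refused
```

The check is done after `unquote()` and after `realpath()`, in that order; a lexical filter for the literal string `..` would miss `%2e%2e` and symlinked directories, which is why the containment test runs on the resolved path rather than on the request text.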
-
CVE-2025-0210 – Campcodes School Faculty Scheduling System SQL Injection
CVE ID: CVE-2025-0210. Published: Jan. 4, 2025, 2:15 p.m. Description: A vulnerability has been found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Affected is an unknown function of the file /admin/ajax.php?action=login. Manipulation of the argument username leads to SQL injection…
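What "manipulation of the argument username leads to SQL injection" means on a login endpoint, as an added example that is not the Campcodes code: a login query built by string formatting, beside the parameterised version, run against a constructed in-memory SQLite table. The table layout, the SHA-256 hashing and the user records are assumptions made for the demo.

```python
"""Added example, not from the Campcodes advisory: a login query built by
string formatting, beside the parameterised version, run against a
constructed in-memory SQLite table. Table layout and hashing are assumptions."""
import hashlib
import sqlite3


def pw_hash(password: str) -> str:
    # Demo only: a real login would use a slow, salted KDF (bcrypt/argon2).
    return hashlib.sha256(password.encode()).hexdigest()


def build_db() -> sqlite3.Connection:
    """Constructed sample data: two users with hashed passwords."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, pw_hash) VALUES (?, ?)",
        [("admin", pw_hash("correct horse")), ("alice", pw_hash("alice-pass"))],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Vulnerable: the username is spliced into the SQL text, so a quote in it
    changes the statement instead of the data."""
    query = (
        "SELECT id FROM users WHERE username = '%s' AND pw_hash = '%s'"
        % (username, pw_hash(password))
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterised(conn, username: str, password: str):
    """Hardened: placeholders keep the username a value; quotes and '--' are
    compared literally against the column, never parsed as SQL."""
    row = conn.execute(
        "SELECT id FROM users WHERE username = ? AND pw_hash = ?",
        (username, pw_hash(password)),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = build_db()
    # admin' --   closes the string and comments out the password check
    print(login_vulnerable(db, "admin' --", "wrong"))      # 1  (admin, no password)
    print(login_parameterised(db, "admin' --", "wrong"))   # None
```

With the spliced query the statement becomes `... WHERE username = 'admin' --' AND pw_hash = '...'`, so the password clause is a comment and the admin row comes back for any password; `x' OR 1=1 --` returns the first user regardless of name. The parameterised version sends the same strings as bound values and matches nothing.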
-
CVE-2024-10957 – UpdraftPlus: WP Backup & Migration Plugin PHP Object Injection
CVE ID: CVE-2024-10957. Published: Jan. 4, 2025, 2:15 p.m. Description: The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.24.11 via deserialization of untrusted input in the ‘recursive_unserialized_replace’ function. This makes it possible for…
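Why "deserialization of untrusted input" is a code-execution bug and not just a data-integrity one, as an added example that is not the plugin's code: a Python analogue of PHP object injection using `pickle`, which, like PHP's `unserialize()`, lets the serialised blob name a callable to run on load (the `__reduce__` hook here plays the role of a PHP `__wakeup`/`__destruct` gadget). The hardened variant accepts only a data-only format and validates its shape. The settings fields and the marker set by the gadget are constructed for the demo.

```python
"""Added example, not the plugin's code: a Python analogue of PHP object
injection. pickle, like PHP unserialize(), lets the serialised blob name a
callable to run on load, so untrusted input becomes code execution; the
hardened variant accepts only a data-only format and validates its shape."""
import json
import pickle
import sys


class Gadget:
    """Attacker-controlled class. __reduce__ tells pickle 'reconstruct me by
    calling eval(...)'; the loader executes that call before any app logic runs.
    A real chain would reach os.system or a file write the same way. The demo
    gadget only plants a marker on the sys module so the effect is observable."""

    def __reduce__(self):
        return (eval, ("__import__('sys').__dict__.setdefault('_injected', 'pwned')",))


def craft_payload() -> bytes:
    """What the attacker submits in place of legitimate serialised settings."""
    return pickle.dumps(Gadget())


def restore_settings_unsafe(blob: bytes):
    """Vulnerable: deserialises attacker-reachable bytes with a format that can
    instantiate arbitrary callables (the unserialize() pattern)."""
    return pickle.loads(blob)


def injected_marker():
    """Observable side effect of the unsafe path: set only if the gadget ran."""
    return getattr(sys, "_injected", None)


def restore_settings_safe(blob: bytes) -> dict:
    """Hardened: JSON carries data only, and the result is checked against the
    expected shape before use. Nothing in the input can name a function."""
    data = json.loads(blob.decode("utf-8"))
    if not isinstance(data, dict) or set(data) != {"site_url", "max_backups"}:
        raise ValueError("unexpected settings shape")
    if not isinstance(data["site_url"], str) or not isinstance(data["max_backups"], int):
        raise ValueError("unexpected field types")
    return data


def safe_accepts(blob: bytes) -> bool:
    """True if the hardened loader accepts the blob, False if it rejects it."""
    try:
        restore_settings_safe(blob)
        return True
    except (ValueError, UnicodeDecodeError):
        return False


if __name__ == "__main__":
    restore_settings_unsafe(craft_payload())
    print(injected_marker())                 # 'pwned': the loader ran the gadget
    print(safe_accepts(craft_payload()))     # False: not valid JSON
```

The point carried over to PHP: the fix is not to filter the serialised string but to stop handing attacker-reachable bytes to a format whose loader can construct objects and invoke their magic methods; where `unserialize()` cannot be avoided, restricting it with `allowed_classes` narrows the gadget surface but does not remove it.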
-
Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution
Category: Vulnerability / Software Security. A high-severity security flaw has been disclosed in ProjectDiscovery’s Nuclei, a widely used open-source vulnerability scanner that, if successfully exploited, could … Published Date: Jan 04, 2025. Vulnerability mentioned in this article: CVE-2024-43405.
-
Detailing the Attack Surfaces of the Tesla Wall Connector EV Charger
The Tesla Wall Connector is a Level 2 electric vehicle charge station designed for use by residential home users. The device has a minimal user interface in its hardware, providing a Wi-Fi based interface for configuration and an NFC reader for user authentication. The device does not come with a dedicated mobile application out of…
-
SolarWinds Access Rights Manager: One Vulnerability to LPE Them All
Some time ago, I spent some time researching a core SolarWinds product, SolarWinds Platform (previously Orion Platform). At that time, I hadn’t been aware of the SolarWinds Access Rights Manager product (SolarWinds ARM). Afterward, Trend Micro’s Zero Day Initiative began receiving submissions of vulnerabilities in Access Rights Manager (ARM). The first submissions we received…
-
Detailing the Attack Surfaces of the WolfBox E40 EV Charger
The WolfBox E40 is a Level 2 electric vehicle charge station designed for residential home use. Its hardware has a minimal user interface, providing a Bluetooth Low Energy (BLE) interface for configuration and an NFC reader for user authentication. Typical for this class of devices, the appliance employs a mobile application for the owner’s installation…
-
The December 2024 Security Update Review
We have made it to the end of the year and the final Patch Tuesday of 2024. As expected, Microsoft and Adobe have released what (hopefully) will be their last patches of the year. Take a break from your holiday preparations and join us as we review the details of their latest security alerts. If…
-
Looking at the Internals of the Kenwood DMX958XR IVI
For the upcoming Pwn2Own Automotive contest, a total of four in-vehicle infotainment (IVI) head units have been selected as targets. One of these is the double DIN Kenwood DMX958XR. This unit offers a variety of functionality, such as wired and wireless Android Auto and Apple CarPlay, as well as USB media playback, wireless mirroring, and…
-
Looking at the Attack Surfaces of the Kenwood DMX958XR IVI
In our previous Kenwood DMX958XR blog post, we detailed the internals of the Kenwood in-vehicle infotainment (IVI) head unit and provided annotated pictures of each PCB. In this post, we aim to outline the attack surface of the DMX958XR in the hopes of providing inspiration for vulnerability research. We will cover the main supported technologies…