Bit of an odd bug in the SecurityPoint UTM Firewall admin and user panels.During the normal login flow a user starts off with an empty `sessionID` value, once they authenticate successfully the server returns a filled in `sessionID`...
A stupid auth bypass (for the app, great find by the researcher), and a service-side template injection in Pentaho.Starting with the SSTI, Pentaho has a few endpoints to configure and test LDAP connections, to do so it creates an XML-based bean definition and properties file containing all the user-provided data...
When using curl, if the `--data-raw` argument starts with a `@` it will be treated as a filename and the file itself will be included as the data of the request. This sort of bug would be hard to exploit in the context of Burp and Chrome, requiring a victim to "Copy as cURL" a malicious request in the first place, and then run it...
A look at how logging attacker controlled data can be problematic in Azure Pipelines to potentially gain code execution and access to sensitive environment variables.
At its core, we have a simple mistake that can be made pretty easily on all of the cloud platforms though this post focuses in on Azure App Services and Azure Functions.Being able to easily add authentication to your apps on either is nice, but they can easily be misconfigured...
A directory traversal vulnerability in Parallels Desktop for MacOS has been identified, leading to a guest-to-host VM escape.Parallels ToolGate, a virtual PCI device, facilitates communication between the guest and host operating systems...
The vulnerability is a Server-Side MIME Sniff issue in the answerdev/answer project (a Q&A platform) that leads to a stored XSS vulnerability. What is really interesting is that the bug primarily only appears when running the application under Docker.
Two CloudTrail logging vulnerabilities have been identified, involving endpoints/services that fail to log properly.
A curious account takeover and one-time-password (OTP) bypass vulnerability has been identified.During the signup process, users receive an OTP sent to their email address...
When using the `ssrfFilter` library in conjunction with the Request library in JavaScript there is a bug that can result in the SSRF filter being disabled.The way the anti-SSRF library, `ssrfFilter` works is that is creates its own object that cna be used in=place of Node's default request agent for http/http requests...