Cyber Newsroom Feed

The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.

  • Comae Technologies
How to Solve the Blindspots of Event-Driven Detection

A while back, I discussed how memory could be used as an ultimate form of the log as long as the analysis workflow and process is smooth.This blog post will start by explaining the blind spots created ... Read more

Published Date: Apr 24, 2019 (5 years, 8 months ago)
  • carnal0wnage.com
Jenkins - CVE-2018-1000600 PoC

second exploit from the blog post https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html Chained with CVE-2018-1000600 to a Pre-auth Fully-responded SSRF https://jenkins. ... Read more

Published Date: Mar 05, 2019 (5 years, 9 months ago)
  • carnal0wnage.com
Jenkins - messing with exploits pt3 - CVE-2019-1003000

References: https://www.exploit-db.com/exploits/46453 http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html This post covers the Orange Tsai Jenkins pre-auth exploit Vuln ... Read more

Published Date: Mar 05, 2019 (5 years, 9 months ago)
  • carnal0wnage.com
Jenkins - SECURITY-180/CVE-2015-1814 PoC

Forced API token change SECURITY-180/CVE-2015-1814 Affected Versions All Jenkins releases <= 1.605 All LTS releases <= 1.596.1 PoC Tested against Jenkins 1.605 POST /user/user2/descriptorByName/jenkin ... Read more

Published Date: Feb 28, 2019 (5 years, 9 months ago)
  • carnal0wnage.com
Jenkins - SECURITY-200 / CVE-2015-5323 PoC

API tokens of other users available to admins SECURITY-200 / CVE-2015-5323 API tokens of other users were exposed to admins by default. On instances that don’t implicitly grant RunScripts permission t ... Read more

Published Date: Feb 28, 2019 (5 years, 9 months ago)
  • carnal0wnage.com
Jenkins Master Post

A collection of posts on attacking Jenkins http://www.labofapenetrationtester.com/2014/08/script-execution-and-privilege-esc-jenkins.html Manipulating build steps to get RCE https://medium.com/@uraniu ... Read more

Published Date: Feb 27, 2019 (5 years, 9 months ago)
  • carnal0wnage.com
Jenkins - messing with exploits pt2 - CVE-2019-1003000

After the release of Orange Tsai's exploit for Jenkins. I've been doing some poking. PreAuth RCE against Jenkins is something everyone wants. While not totally related to the blog post and tweet the f ... Read more

Published Date: Feb 27, 2019 (5 years, 9 months ago)
  • carnal0wnage.com
Jenkins - messing with new exploits pt1

Jenkins notes for: https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html to download ... Read more

Published Date: Feb 26, 2019 (5 years, 9 months ago)
  • carnal0wnage.com
Kubernetes: Master Post

I have a few Kubernetes posts queued up and will make this the master post to index and give references for the topic. If i'm missing blog posts or useful resources ping me here or twitter. Talks you ... Read more

Published Date: Jan 07, 2019 (5 years, 11 months ago)

Filters

Showing 10 of 2679 Results
© cvefeed.io
Latest DB Update: Dec. 26, 2024 14:41