TARLOGIC's BLOG
Cybersecurity - Page 2

Cybersecurity articles with security analysis and ethical hacking technics information

CVE-2024-3400: Unauthenticated code injection in PAN-OS
CVE-2024-3400: Unauthenticated code injection in PAN-OS
S.T.A².R.S Team

CVE-2024-3400 affects Palo Alto Networks PAN-OS software used to manage the first layer of defense for many enterprises A critical command injection vulnerability has been recently[...]

Read more
CVE-2024-3094: Backdoor in XZ Utils library
CVE-2024-3094: Backdoor in XZ Utils library
S.T.A².R.S Team

CVE-2024-3094 present in the XZ Utils library may allow an attacker to use malicious code to compromise the integrity of affected systems On March 29, a developer identified CVE-20[...]

Read more
What can be the consequences of a security breach in a web application?
What can be the consequences of a security breach in a web application?
Ciber 4 All Team

Web applications are a double-edged sword: they are the perfect showcase for potential customers, but they also act as a large window to sneak in and plunder the business. A securi[...]

Read more
BlueSpy – Spying on Bluetooth conversations
BlueSpy – Spying on Bluetooth conversations
Jesús María Gómez Moreno

BlueSpy is a proof of concept for exploiting vulnerabilities in Bluetooth headsets and eavesdropping on private conversations The first results following the publication of BSAM, a[...]

Read more
CVE-2023-49785: Vulnerability in NextChat
CVE-2023-49785: Vulnerability in NextChat
S.T.A².R.S Team

CVE-2023-49785 is a critical vulnerability affecting NextChat, an application that provides users with a web interface based on ChatGPT Information has been disclosed about a new c[...]

Read more
CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Vulnerabilities
CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Vulnerabilities
S.T.A².R.S Team

Vulnerabilities CVE-2024-27198 and CVE-2024-27199 affect TeamCity, a CI/CD management server software owned by JetBrains Two new vulnerabilities have been disclosed recently, which[...]

Read more
CVE-2024-22024: XXE vulnerability disclosed in Ivanti products
CVE-2024-22024: XXE vulnerability disclosed in Ivanti products
S.T.A².R.S Team

CVE-2024-22024 is an XML External Entity (XXE) vulnerability that allows a remote attacker to access internal files CVE-2024-22024, a new high rated vulnerability affecting Ivanti [...]

Read more
CVE-2023-7028: A critical vulnerability affecting GitLab
CVE-2023-7028: A critical vulnerability affecting GitLab
S.T.A².R.S Team

Critical vulnerability CVE-2023-7028 in the open source platform GitLab allows taking control of other users’ accounts A critical vulnerability has been discovered in GitLab,[...]

Read more
Critical vulnerabilities of the ownCloud platform are being exploited in the wild
Critical vulnerabilities of the ownCloud platform are being exploited in the wild
S.T.A².R.S Team

On November 21, 2023, three critical vulnerabilities were made public (CVE-2023-49103, CVE-2023-49104, CVE-2023-49105), affecting several applications of the ownCloud online file s[...]

Read more
CVE-2023-4911: The vulnerability Looney Tunables in GlibC is being actively exploited
CVE-2023-4911: The vulnerability Looney Tunables in GlibC is being actively exploited
S.T.A².R.S Team

On October 3, 2023, Qualys published information about a high-severity local privilege escalation vulnerability in the GNU C Library (glibc), which is widely used on Linux systems.[...]

Read more
1 2 3 4 5 13
Advanced penetration testing services