A critical severity flaw with the maximum severity rating is discovered in the GitHub Enterprise Server (GHES). Tracked as CVE-2024-4985, the vulnerability may allow an attacker to access the vulnerable server without prior authentication.
Tag: github
FireEye Discloses Breach – Theft of Cybersecurity Tools
On December 8, 2020, FireEye – a $3.5 billion enterprise – disclosed theft of their Red Team tools. Red Team tools are essentially built from malware that the company has seen used in a wide range of attacks. FireEye says the hackers now have an influential collection of new techniques to draw upon. The stolen … Continue reading “FireEye Discloses Breach – Theft of Cybersecurity Tools”
vBulletin pre-auth Remote Code Execution Vulnerability
vBulletin is a well-known forum software worldwide. Recently a pre-auth RCE was observed that bypasses CVE-2019-16759, September 2019 vBulletin patch. Security researcher Amir Etemadieh (Zenfox) has discovered this zero day and has published POC in various formats in his blog on 9th Aug,2020. Description The vulnerability exists in the dynamic creation of widgets at ajax/render/widget_tabbedcontainer_tab_panel. … Continue reading “vBulletin pre-auth Remote Code Execution Vulnerability”