Google Alert - site: portswigger.net/daily-swig/vulnerabilities

Go SAML library vulnerable to authentication bypass | The Daily Swig – PortSwigger

Read full post . . . or http://www.go-que.com/go-saml-library-vulnerable-to-authentication-bypass-the-daily-swig-portswigger

An attacker could masquerade as an authenticated user without presenting credentials. https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/go-saml-library-vulnerable-to-authentication-bypass&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw0V5kwkHPLP3AYK3A3M2eFK

Critical vulnerability allowed attackers to remotely unlock, control Hyundai, Genesis vehicles

Read full post . . . or http://www.go-que.com/critical-vulnerability-allowed-attackers-to-remotely-unlock-control-hyundai-genesis-vehicles

Changing a PIN. ○ Unlocking the boot. Speaking to The Daily Swig, Curry said the vulnerability was disclosed to Hyundai roughly two months ago as … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/critical-vulnerability-allowed-attackers-to-remotely-unlock-control-hyundai-genesis-vehicles&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw3ZxUpJxVdVDqCzZB430-p8

Bug Bounty Radar // The latest bug bounty programs for December 2022 | The Daily Swig

Read full post . . . or http://www.go-que.com/bug-bounty-radar-the-latest-bug-bounty-programs-for-december-2022-the-daily-swig

Many bug bounty and vulnerability disclosure programs offer safe harbor agreements that allow hackers acting in good faith to do their thing. https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-december-2022&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw31fJFJwQi6Sutd4bsAMTzH

Tailscale VPN nodes vulnerable to DNS rebinding, RCE | The Daily Swig – PortSwigger

Read full post . . . or http://www.go-que.com/tailscale-vpn-nodes-vulnerable-to-dns-rebinding-rce-the-daily-swig-portswigger

DNS rebinding, RCE vulnerability found in Tailscale VPN … The malicious website can exploit this feature to change the Tailscale “control plane” … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/tailscale-vpn-nodes-vulnerable-to-dns-rebinding-rce&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw0Q4vyh40KqtwpJghkNXKr6

Intel disputes seriousness of Data Centre Manager authentication flaw | The Daily Swig

Read full post . . . or http://www.go-que.com/intel-disputes-seriousness-of-data-centre-manager-authentication-flaw-the-daily-swig

Despite the contended vulnerability disclosure process, Ahrens argued successfully enough for Intel to make a one-time exception and reward the … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/intel-disputes-seriousness-of-data-centre-manager-authentication-flaw&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw2oes6ybxAKyiD7CfEMnEq4

Vulnerability in AWS AppSync allowed unauthorized access to cloud resources

Read full post . . . or http://www.go-que.com/vulnerability-in-aws-appsync-allowed-unauthorized-access-to-cloud-resources

The Daily Swig … A vulnerability in Amazon Web Services (AWS) AppSync enabled unauthorized cross-account access to AWS resources, according to … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/vulnerability-in-aws-appsync-allowed-unauthorized-access-to-cloud-resources&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw0PUNACYNj0fxoTNLygYIt4

ConnectWise closes XSS vector for remote hijack scams | The Daily Swig – PortSwigger

Read full post . . . or http://www.go-que.com/connectwise-closes-xss-vector-for-remote-hijack-scams-the-daily-swig-portswigger

A cross-site scripting (XSS) vulnerability in ConnectWise Control, the remote monitoring and management (RMM) platform, offered attackers a … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/connectwise-closes-xss-vector-for-remote-hijack-scams&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw31nKx3mrfILOX4UK_xqFGV

Mastodon vulnerable to multiple system configuration problems | The Daily Swig

Read full post . . . or http://www.go-que.com/mastodon-vulnerable-to-multiple-system-configuration-problems-the-daily-swig

Security researchers such as Alevski, and PortSwigger’s Gareth Heyes before him, however have found the security maturity of Mastodon wanting. More … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/mastodon-vulnerable-to-multiple-system-configuration-problems&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw0qemFejyYYI_005NftJzn8

Ibexa DXP patched for GraphQL password hash leak vulnerability | The Daily Swig

Read full post . . . or http://www.go-que.com/ibexa-dxp-patched-for-graphql-password-hash-leak-vulnerability-the-daily-swig

The other resolved security flaws - a subtree limitation failure in role assignment policies, a cross-site scripting (XSS) flaw in content type … https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/ibexa-dxp-patched-for-graphql-password-hash-leak-vulnerability&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw2M7OmGHGrm8tgvxdQnAIj_

HackerOne encourages customers to adopt standard policy to protect hackers from legal problems

Read full post . . . or http://www.go-que.com/hackerone-encourages-customers-to-adopt-standard-policy-to-protect-hackers-from-legal-problems

Both vulnerability disclosure programs and bug bounty programs … recent US government cybersecurity policy updates, The Daily Swig understands. https://www.google.com/url?rct=j&sa=t&url=https://portswigger.net/daily-swig/hackerone-encourages-customers-to-adopt-standard-policy-to-protect-hackers-from-legal-problems&ct=ga&cd=CAIyGjgzMjVmMTg3YzNmN2FkZTk6Y29tOmVuOlVT&usg=AOvVaw3z3meOFkuBtJfHhhDO7hQP

Go Que Newsroom
