Anshuman for Anshuman's Blog! (singhanshuman.hashnode.net) · Feb 1, 2023
Application Security Basics - SAST, DAST and more!
Ever wondered what it means when you read the headlines or hear - "Hackers attacked XYZ systems! Possibility of a data breach!" Of course, this doesn't mean attacking using arrows or weapons but how do they do this? Hackers or more specifically Black...
18 likes · 64 reads · Tags: Application Security
Anshuman for Anshuman's Blog! (singhanshuman.hashnode.net) · Jan 22, 2023
Writing Vulnerability Detection Rules!
In summer 2021, the Vulnerability Research and Static Analysis teams launched the Google Summer of Code (GSoC) project: Write vulnerability detection rules for SAST. For this project, we built and implemented a framework to help transition GitLab aw...
6 likes · 40 reads · Tags: SAST
Rafie Muhammad for Yeraisci's Blog (yeraisci.hashnode.net) · Jul 15, 2022
Authenticated LFI & RCE on GiveWP - Donation WordPress Plugin <= 2.20.2 (CVE-2022-31475 & CVE-2022-28700)
Prologue: GiveWP is one of the popular WordPress plugins for handling fundraising and donations, with 100k+ installations. This plugin's main features include setting up donation forms, viewing details of donations/donors and generating reports. There is al...
709 reads · Tags: Wordpress Plugin Vulnerability Research, bugbounty
Nguyễn Cao Huy Hoàng for Antoine Nguyễn's Blog (antoinenguyen-09.hashnode.net) · Mar 19, 2023
[CVE-2022-35649] 1-Click RCE in Moodle v4.0.1
I. Introduction: Moodle is a free and open-source Course Management System (CMS), also known as a Learning Management System (LMS) or a Moodle Learning Environment (VLE). Written in PHP, it is currently used for blended learning, distance education, ...
42 reads · Tags: CVE
Memgraph for Memgraph (memgraph.hashnode.net) · Jan 26, 2023
Efficient Threat Detection in Cybersecurity with Memgraph
The number of security vulnerabilities in code is increasing daily. We all remember the devastating consequences of the exposed vulnerability on Log4j, which affected a large number of systems all around the world. Not all vulnerabilities are as harm...
Tags: Memgraph
Sudip Sengupta for Sudip's Blog on Cloud, DevOps, Cybersecurity and ITSM (ssengupta3.hashnode.net) · Sep 14, 2022
What Are Common Vulnerabilities and Exposures (CVE)?
Security vulnerabilities are weaknesses in an application stack that attackers exploit during a cyber attack to obtain unauthorized access. Common attack patterns involve leveraging these security risks to install malware, access/alter sensitive data...
Tags: CVE
Tobias Reich for tobsec's blog (tobjasr.hashnode.net) · Aug 28, 2022
PowerFolder <17.3 affected by Information Disclosure Vulnerability (CVE-2022-38793) #CampusCloud
Vendor of Product: dal33t GmbH
Affected Product Code Base: PowerFolder <17.3
Affected Component: list of share links (powerfold.er/linkstable)
Vulnerability Type: Incorrect Access Control
Impact: Information Disclosure
Attack Type: Remote
Attack Vect...
104 reads · Tags: CVE
NProot for NProot (nproot.hashnode.net) · Jun 17, 2022
[JP] CVE-2022-0778, "Nip in the Bug" and Overview Mitigations list (UTM/IPS/WAF)
This post covers how each UTM/IPS/WAF product responded to CVE-2022-0778, an OpenSSL vulnerability, and considers whether CVE-2022-0778 could have been prevented before it occurred. Overview Mitigations list (UTM/IPS/WAF). Note: the contents of this article are based on publicly available information as of June 8, 2022. For whether your product's license permits use of the IPS feature and similar, how to update signatures and so on, and specific detection/prevention configuration, please contact the reseller you purchased from or your operations/maintenance vendor...
195 reads · Tags: Security