Recherche : [Command-injection]

Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection - Flatt Security Research https://flatt.tech/research/posts/compromising-openwrt-supply-chain-sha256-collision/

10/12/2024 10:31:54

In this article, I explained how I could compromise the sysupgrade.openwrt.org service by exploiting the command injection and the SHA-256 collision.
As I never found the hash collision attack in a real-world application, I was surprised that I could successfully exploit it by brute-forcing hashes.

D-Link won’t fix critical flaw affecting 60,000 older NAS devices https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-flaw-affecting-60-000-older-nas-devices/

11/11/2024 12:03:58

More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit.

Cisco warns of NX-OS zero-day exploited to deploy custom malware https://www.bleepingcomputer.com/news/security/cisco-warns-of-nx-os-zero-day-exploited-to-deploy-custom-malware/

01/07/2024 19:59:25

Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches.

Over 92,000 exposed D-Link NAS devices have a backdoor account https://www.bleepingcomputer.com/news/security/over-92-000-exposed-d-link-nas-devices-have-a-backdoor-account/

06/04/2024 20:13:31

A threat researcher has disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) device models.

Can't Be Contained: Finding a Command Injection Vulnerability in Kubernetes https://www.akamai.com/blog/security-research/kubernetes-critical-vulnerability-command-injection

15/09/2023 16:34:42

Akamai researchers discover a critical vulnerability in Kubernetes that can lead to remote code execution.

Liens par page

Filtres