Deserialization of Untrusted Data in Apache Dubbo
Apache Dubbo prior to 2.6.9 and 2.7.10 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the ser ...
Continue Reading30 мая, 2022
(Pwn2Own) Cisco RV340 JSON RPC file-copy Command Injection Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Cisco RV340 routers. An attacker must first obtain the ability to execute low-privileged code on the targe ...
Continue Reading30 мая, 2022
Duo of Android dropper and payload target certain countries and app users
After making its first in-the-wild appearance in March 2021, Vulturan information-stealing RAT that runs on Androidis back. And its dropper is equally nasty. Vultur (Romanian for "vulture") is kno ...
Continue Reading30 мая, 2022
Back to Main