Tarlogic's Blog - Cybersecurity

Cybersecurity articles with security analysis and information on ethical hacking techniques

CVE-2024-3094: Backdoor in XZ Utils library

CVE-2024-3094, present in the XZ Utils library, may allow an attacker to use malicious code to compromise the integrity of affected systems. On March 29, a developer identified CVE-20[...]

What can be the consequences of a security breach in a web application?

Web applications are a double-edged sword: they are the perfect showcase for potential customers, but they also act as a large window to sneak in and plunder the business. A securi[...]

BlueSpy – Spying on Bluetooth conversations

BlueSpy is a proof of concept for exploiting vulnerabilities in Bluetooth headsets and eavesdropping on private conversations. The first results following the publication of BSAM, a[...]

CVE-2023-49785: Vulnerability in NextChat

CVE-2023-49785 is a critical vulnerability affecting NextChat, an application that provides users with a web interface based on ChatGPT. Information has been disclosed about a new c[...]

CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Vulnerabilities

Vulnerabilities CVE-2024-27198 and CVE-2024-27199 affect TeamCity, a CI/CD management server software owned by JetBrains. Two new vulnerabilities have been disclosed recently, which[...]

CVE-2024-22024: XXE vulnerability disclosed in Ivanti products

CVE-2024-22024 is an XML External Entity (XXE) vulnerability that allows a remote attacker to access internal files. CVE-2024-22024, a new high-rated vulnerability affecting Ivanti [...]

CVE-2023-7028: A critical vulnerability affecting GitLab

Critical vulnerability CVE-2023-7028 in the open source platform GitLab allows taking control of other users’ accounts. A critical vulnerability has been discovered in GitLab,[...]

Critical vulnerabilities of the ownCloud platform are being exploited in the wild

On November 21, 2023, three critical vulnerabilities were made public (CVE-2023-49103, CVE-2023-49104, CVE-2023-49105), affecting several applications of the ownCloud online file s[...]

CVE-2023-4911: The vulnerability Looney Tunables in GlibC is being actively exploited

On October 3, 2023, Qualys published information about a high-severity local privilege escalation vulnerability in the GNU C Library (glibc), which is widely used on Linux systems.[...]

CVE-2023-38545: Heap overflow vulnerability in curl (SOCKS 5)

The vulnerability CVE-2023-38545 affects curl, a command line tool and software library used to transfer data to and from a server. On October 11th, 2023 the curl development team h[...]
