Welcome to our

Cyber Security News Aggregator

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

First slide label

Some representative placeholder content for the first slide.

Second slide label

Some representative placeholder content for the second slide.

Third slide label

Some representative placeholder content for the third slide.

Angular-base64-update Demo Script Exploited (CVE-2024-42640), (Tue, Oct 15th)

published on 2024-10-15 15:08:01 UTC by
Content:

Demo scripts left behind after installing applications or frameworks are an ongoing problem. After installation, removing any "demo" or "example" folders is usually best. A few days ago, Ravindu Wickramasinghe noticed that the Angular-base64-upload project is leaving behind a demo folder with a script allowing arbitrary file uploads without authentication [1]. Exploitation of the vulnerability is trivial. An attacker may use the file upload script to upload a web shell, and in response, the attacker will obtain remote command execution with all the privileges granted to the web server.

Article: Angular-base64-update Demo Script Exploited (CVE-2024-42640), (Tue, Oct 15th) - published about 1 month ago.

https://isc.sans.edu/diary/rss/31354
Published: 2024 10 15 15:08:01
Received: 2024 10 15 15:30:35
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Views: 0