Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers

December 28, 2023 at 11:21AM

Apache OFBiz, utilized for business operations, contains a critical pre-authentication remote code execution vulnerability, CVE-2023-49070, actively being exploited. A patch to resolve the issue was found incomplete, resulting in the discovered bypass flaw, CVE-2023-51467. The urgency for users to upgrade to version 18.12.11 is emphasized due to the risk of …

Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack

December 27, 2023 at 11:18AM

A new zero-day security flaw (CVE-2023-51467) in the Apache OfBiz ERP system allows bypassing authentication. It stems from an incomplete patch for the CVE-2023-49070 vulnerability. Exploiting the flaw facilitates unauthorized access and potential SSRF attacks. SonicWall Capture Labs advises updating to Apache OfBiz version 18.12.11 or later to mitigate the …

The OWASP Top 10: What They Are and How to Test Them

November 15, 2023 at 10:04AM

The text discusses the significance of web application security and introduces the OWASP Top 10, a comprehensive resource highlighting the most critical security risks to web applications. The latest edition of the OWASP Top 10 is presented, along with testing strategies for each risk. Regular web application security …

Microsoft Says Exchange ‘Zero Days’ Disclosed by ZDI Already Patched or Not Urgent

November 6, 2023 at 05:24AM

Microsoft has confirmed that the four Exchange vulnerabilities disclosed by Trend Micro’s Zero Day Initiative (ZDI) either have been patched or do not require immediate attention. ZDI had identified the high-severity vulnerabilities but clarified that they are not actual zero-days and have not been exploited in the wild. Microsoft stated …