Apr 16, 2024NewsroomEncryption / Network Security The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys. The flaw has been assigned the CVE identifier CVE-2024-31497, with the […]
Oops, your XML now contains shell code The following XML code was found in the layout_update database table and is responsible for periodic reinfections of your system. Attackers combine the Magento layout parser with the beberlei/assert package (installed by default) to execute system commands. Because the layout block is tied to the checkout cart, this […]
What is a shell program? A shell program is software that provides users with an interface for accessing services in the kernel. The kernel manages the operating system’s (OS) core services. It’s a highly protected and controlled space that limits access to the system’s resources. A shell provides an intermediary connection point between the user […]
The flaw, known as CVE-2023-46604, allows attackers to execute arbitrary shell commands by exploiting the serialized class types in the OpenWire protocol. The issue affects several versions of Apache ActiveMQ, but patches have been released.