Command Injection - Geek Feed

Ivanti warns of three more CSA zero-days exploited in attacks

October 9, 2024October 9, 2024 geekfeed0Tagged Actively Exploited, Cloud Services Appliance, Command Injection, Ivanti, Ivanti CSA, Remote Code Execution, Security Bypass, Zero-Day

American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks. As Ivanti revealed on Tuesday, attackers are chaining the three security flaws with another CSA zero-day patched in September. Successful exploitation of these vulnerabilities can let remote attackers run SQL statements via […]

2 mins read

Malware exploits 5-year-old zero-day to infect end-of-life IP cameras

August 29, 2024August 29, 2024 geekfeed0Tagged Actively Exploited, AVTech, Botnet, Camera, Command Injection, Corona, IP cameras, malware, Mirai, Remote Code Execution, Security Camera

The Corona Mirai-based malware botnet is spreading through a 5-year-old remote code execution (RCE) zero-day in AVTECH IP cameras, which have been discontinued for years and will not receive a patch. The flaw, discovered by Akamai’s Aline Eliovich, is tracked as CVE-2024-7029 and is a high-severity (CVSS v4 score: 8.7) issue in the “brightness” function […]

3 mins read