This article assesses the large-scale exposure of systems to multiple CVEs affecting the CUPS printing service, which can be chained together to achieve unauthenticated remote code execution (RCE). We provide an overview of how these vulnerabilities, including CVE-2024-47176, work in tandem, walking through the exploit flow. Additionally, we analyze how many systems are potentially vulnerable and highlight a unique behavior observed during testing.

Engineering

Threat Center v2: 🚨 Staying Ahead of Vulnerabilities 🛡️

The Threat Center provides essential updates for organizations to stay informed about security threats, offering actionable intelligence and detailed asset information to help users proactively protect their systems.

Thu 10 October 2024

Security

Deep Dive: Stored XSS Vulnerability in LiteSpeed Cache Plugin for WordPress (CVE-2024-47374)

An in-depth look at the CVE-2024-47374 vulnerability affecting LiteSpeed Cache plugin for WordPress, its impact, and a technical breakdown of our detection method.

Thu 10 October 2024

Product

HTTP2, Private Custom Checks, actively exploited CVE and much more.

The latest releases introduce HTTP/2 support, improve UI and detection, enhance privacy and security measures, and update custom checks and analysis environments for better performance.

Mon 07 October 2024

The article delves into the technical details of this CVE, its potential impact, and the methods used to detect and exploit it.

The article uncovers an Arbitrary File Read vulnerability in VigorConnect that lets attackers access sensitive files. The issue originates from improper input validation in file handling methods.

Latest posts

Enhanced Vulnerability Detection, Expanded Features, and Critical Fixes

This update introduces enhanced vulnerability detection with AI improvements, new UI features, expanded support for asset types, upgraded network interception, and broader CVE coverage, alongside several bug fixes and optimizations across scanning, fingerprinting, and GitHub Actions.

Mon 09 September 2024

OXO Titan, Support for CVSS4, and Attack Surface search with certificates

Our latest release features a new OnPrem UI, better PDF Reports with insightful graphs, support for CVSS4, plus much more.

Wed 28 August 2024

OXO Titan UI: Simplifying Security Scanning for Everyone

OXO Titan UI encapsulates OXO's capabilities within an accessible interface, democratizing advanced security scanning techniques. This article explores OXO Titan's journey from concept to reality, highlighting its key features and presenting a practical user workflow example.

Mon 26 August 2024

Privacy Compliance Testing, Fingerprint detection, and User Experience Enhancements

Dive into our latest release featuring the introduction of Privacy Compliance Testing, new detection of several fingerprints, and User Experience Enhancements.

Mon 12 August 2024

Threat Center, Account Security Enhancements, and added detection

Dive into our latest release featuring the introduction of a Threat Center, enhanced account security, and new detection.

Mon 05 August 2024

Advanced Techniques for Bypassing 4xx Errors

Discover the comprehensive techniques that are commonly used to bypass 4xx errors. Learn about the various methods used, including HTTP method fuzzing, request header manipulation, parameter tampering, and more.

Mon 05 August 2024

Advanced XSS Protection, CircleCI Enhancements, and UI Upgrades in Our Latest Release

Dive into our latest release featuring cutting-edge XSS detection, streamlined CircleCI workflows, sleek UI enhancements, and robust security integrations with Codecov and UV—designed to empower and secure your digital experience.

Wed 31 July 2024

Revolutionizing Mobile Security Testing with Ostorlab's AI-Powered Monkey Tester

Introducing the AI-powered Monkey Tester in the Ostorlab mobile vulnerability scanner, significantly boosting test coverage and speed for a more comprehensive and efficient testing experience.

Tue 16 July 2024


Previous
1 of 14