
NTLM Credential Theft in Python Windows Applications

Traccar 5 Remote Code Execution Vulnerabilities

Exploiting File Read Vulnerabilities in Gradio to Steal Secrets from Hugging Face Spaces
This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces platform after a recently reported potential breach.

NextChat: An AI Chatbot That Lets You Talk to Anyone You Want To
NextChat, a.k.a. ChatGPT-Next-Web, a popular Gen AI chatbot, is vulnerable to a critical server-side request forgery (SSRF) vulnerability.

NodeZero APT: Azure Password Spray Leads to Business Email Compromise

CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability

Writeup for CVE-2023-43208: NextGen Mirth Connect Pre-Auth RCE
Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability, CVE-2023-43208. If you’re a user of Mirth Connect, you’ll want to upgrade to the latest patch release, 4.4.1, as of ...

Writeup for CVE-2023-39143: PaperCut WebDAV Vulnerability
Back in Aug. 2023 we released an advisory for CVE-2023-39143, a critical vulnerability that affects Windows installs of the PaperCut NG/MF print management software. Attackers can exploit this vulnerability […]

AWS Misconfiguration Leads to Buckets of Data
Misconfigured AWS Role Enables Cloud Initial Access

Apache ActiveMQ RCE Leads to Domain Compromise
Pervasive CISA Known Exploited Vulnerability Enables Initial Access