JWT Validation Failure In Jupyter Hub, Arbitrary File Upload and SQL Injection in Mattermost, Path Traversal File Deletion in Mautic, Desrialization Of Untrusted Data in MetaSlider and more

The Exploit Podcast: CVEs and Security News

27/02/2025 18 min Temporada 1 Episodio 8

Listen "JWT Validation Failure In Jupyter Hub, Arbitrary File Upload and SQL Injection in Mattermost, Path Traversal File Deletion in Mautic, Desrialization Of Untrusted Data in MetaSlider and more"

Descargar episodio Ver en sitio original

Episode Synopsis

Week ending 27th Feb, 2025. Key vulnerabilities to be discussed include: JWT Validation Failure in JupyterHub Arbitrary File Upload and SQL Injection in Mattermost, where versions of Mattermost are failing to properly validate board blocks when importing boards and failing to use prepared statements in SQL queries Path Traversal File Deletion in Mautic, where improper handling of path components allows authenticated users to manipulate file deletion processes Deserialization of Untrusted Data in MetaSlider, potentially leading to object injectionThe podcast will also cover unrestricted file uploads, authentication bypasses, and SQL injection flaws in systems like GreaterWMS, Everest Forms, XOne Web Monitor and Tenda routers.

More episodes of the podcast The Exploit Podcast: CVEs and Security News

Camera Hijack on Unifi Protect, Dylib Hijacking in Davinci Resolve, Non-deterministic Deserialization in IBC-go, Authentication Bypass in CyberArk, RCE in Uniguest Tripleplay and more 07/03/2025

Integer Overflow in Mercedes-Benz, RCE via Deserialization in Apache Ignite, Improper Authentication in Orca HCM, Plaintext Password in Netgear C7800 and more 20/02/2025

Remote code execution via Prompt Injection in PandasAI, Unverified password change vulnerability in Janto, Private Key Extraction in Elliptic (JS) and Regex Denial of Service in Koa and more 13/02/2025

Django Unicorn Class Pollution, GeoTools XPath Manipulation, Eladmin CSV Injection, Zimbra SQL Injection, Woocomerce Taxi Booking Deserialization and more 06/02/2025

Code Injection via UnTar in DJL, Header Bypass in ismp-grandpa, Arbitrary File Upload in Wordpress Plugin and more 30/01/2025

Account Takeover in Wordpress Plugin, SQL Injection in APlus, SSRF in Apache Ranger UI and more 30/01/2025

Search Injection in Mongoose, Insecure Serialization Rosa Open Source, XWiki Realtime Editor Privilege Escalation and more 30/01/2025

OpenVPN Code Injection, go-git Command Injection, Perl OAuth Nonce Manipulation and more 30/01/2025

Ver todos los episodios

ZARZA We are Zarza, the prestigious firm behind major projects in information technology.

JWT Validation Failure In Jupyter Hub, Arbitrary File Upload and SQL Injection in Mattermost, Path Traversal File Deletion in Mautic, Desrialization Of Untrusted Data in MetaSlider and more

Listen "JWT Validation Failure In Jupyter Hub, Arbitrary File Upload and SQL Injection in Mattermost, Path Traversal File Deletion in Mautic, Desrialization Of Untrusted Data in MetaSlider and more"

Episode Synopsis

More episodes of the podcast The Exploit Podcast: CVEs and Security News

Googling with breathtaking tricks you ignore

Educational Technology: From traditional to digital

Bandwidth: Broadband or Narrowband?

Personnel recruitment via Web

Deep web or Invisible Internet

Subdomains, a glance with the experts!

Free Internet, a prediction in Nostradamus style

Educational Technology: From traditional to digital

Localhost, there’s no place like 127.0.0.1

Googling with breathtaking tricks you ignore

Gray Hat Hacking, those with ambiguous ethics…

Internet Predators on the prowl

Dot COM: The Internet’s dominant TLD