2月27日
第 1 季，第 8 集
19 分钟

JWT Validation Failure In Jupyter Hub, Arbitrary File Upload and SQL Injection in Mattermost, Path Traversal File Deletion in Mautic, Desrialization Of Untrusted Data in MetaSlider and more

The Exploit Podcast: CVEs and Security News

Week ending 27th Feb, 2025.

Key vulnerabilities to be discussed include:

JWT Validation Failure in JupyterHub
Arbitrary File Upload and SQL Injection in Mattermost, where versions of Mattermost are failing to properly validate board blocks when importing boards and failing to use prepared statements in SQL queries
Path Traversal File Deletion in Mautic, where improper handling of path components allows authenticated users to manipulate file deletion processes
Deserialization of Untrusted Data in MetaSlider, potentially leading to object injection

The podcast will also cover unrestricted file uploads, authentication bypasses, and SQL injection flaws in systems like GreaterWMS, Everest Forms, XOne Web Monitor and Tenda routers.

单集网页

节目

The Exploit Podcast: CVEs and Security News
频率

一周一更
发布时间

2025年2月27日 UTC 17:33
长度

19 分钟
季

1
单集

8
分级

儿童适宜

JWT Validation Failure In Jupyter Hub, Arbitrary File Upload and SQL Injection in Mattermost, Path Traversal File Deletion in Mautic, Desrialization Of Untrusted Data in MetaSlider and more

信息