
SecurityPod

Shows

The Exploit Podcast: CVEs and Security News

Camera Hijack in UniFi Protect, Dylib Hijacking in DaVinci Resolve, Non-deterministic Deserialization in IBC-go, Authentication Bypass in CyberArk, RCE in Uniguest Tripleplay and more
2025-03-07, 28 min
Week ending 6th March 2025. Get ready for a deep dive into a newly released batch of critical security advisories. We're breaking down dozens of high-severity vulnerabilities affecting everything from WordPress themes and plugins to enterprise solutions like Vasion Print and UniFi Protect. Learn about the attack vectors, including remote code execution, authentication bypasses, and the ever-present SQL injection, and understand the potential impact on your data and infrastructure. This episode is your guide to understanding and mitigating these urgent threats.

JWT Validation Failure in JupyterHub, Arbitrary File Upload and SQL Injection in Mattermost, Path Traversal File Deletion in Mautic, Deserialization of Untrusted Data in MetaSlider and more
2025-02-27, 18 min
Week ending 27th Feb 2025. Key vulnerabilities to be discussed include:
- JWT Validation Failure in JupyterHub
- Arbitrary File Upload and SQL Injection in Mattermost, where versions of Mattermost fail to properly validate board blocks when importing boards and fail to use prepared statements in SQL queries
- Path Traversal File Deletion in Mautic, where improper handling of path components allows authenticated users to manipulate file deletion processes
- Deserialization of Untrusted Data in MetaSlider, potentially leading to object injection
The podcast will also cover unrestricted file uploads, authentication bypasses, and SQL injection flaws in systems like GreaterWMS...

Integer Overflow in Mercedes-Benz, RCE via Deserialization in Apache Ignite, Improper Authentication in Orca HCM, Plaintext Password in Netgear C7800 and more
2025-02-20, 30 min
Week ending 20th Feb. The Exploit Podcast dives deep into the week's most critical vulnerabilities affecting software, hardware, and web applications. The host and a Principal Security Architect dissect real-world security challenges, from a sensitive information leak in a popular WordPress plugin (Oliver POS) to SAML signature bypasses in the CIE authentication library, command injection in Widget Options, and authentication flaws in TP-Link and D-Link routers. This episode highlights the importance of input validation, robust authentication, and staying vigilant in the face of ever-evolving threats. Perfect for engineers and security researchers looking to stay informed.

Remote Code Execution via Prompt Injection in PandasAI, Unverified Password Change Vulnerability in Janto, Private Key Extraction in Elliptic (JS), Regex Denial of Service in Koa and more
2025-02-13, 26 min
Week ending 13th Feb 2025. Get ready for another intense week in cybersecurity! This week, we're diving deep into a fresh batch of critical vulnerabilities hitting everything from WordPress plugins to enterprise software. We'll uncover flaws that could let attackers remotely hijack your systems, steal your data, or even take over entire networks. From privilege escalation in popular WordPress plugins that leaves sites wide open to unauthenticated attackers, to a critical vulnerability in Elliptic that allows private key extraction, we're breaking down the threats and what you can do to protect yourself. Don't miss this crucial update on the vu...

Django Unicorn Class Pollution, GeoTools XPath Manipulation, Eladmin CSV Injection, Zimbra SQL Injection, WooCommerce Taxi Booking Deserialization and more
2025-02-06, 20 min
Week 5, ending 6th Feb 2025. In this episode, we dive deep into the latest security advisories, uncovering a surge of critical vulnerabilities affecting a wide range of software. From command injection flaws in EasyVirt DCScope and privilege escalation vulnerabilities due to weak encryption, to remote code execution exploits in Advantive VeraCore and ClassCMS, we break down the threats and their potential impact. We also discuss a concerning class pollution vulnerability in Django-Unicorn that can lead to XSS, DoS, and authentication bypass. Plus, we'll cover SQL injection flaws in Moss and Zimbra Collaboration, file upload vulnerabilities in ChestnutCMS, and memory corruption...

Code Injection via UnTar in DJL, Header Bypass in ismp-grandpa, Arbitrary File Upload in WordPress Plugin and more
2025-01-30, 34 min
A deep dive into the most critical security vulnerabilities reported in late January 2025. We cover everything from remote code execution flaws to SQL injections, and discuss the potential impact of these threats. These podcasts are auto-generated from the CVE feeds. Please use the information at your own risk.

Account Takeover in WordPress Plugin, SQL Injection in APlus, SSRF in Apache Ranger UI and more
2025-01-30, 22 min
Week ending 23rd Jan. This week's security landscape is riddled with critical flaws across various platforms. We're seeing a surge in vulnerabilities stemming from inadequate input validation, leading to issues like privilege escalation and account takeovers in WordPress plugins. SQL injection remains a prevalent threat, allowing attackers to manipulate databases, while arbitrary file upload vulnerabilities pose significant risks of remote code execution. We also have reports of operating system command injection and insecure deserialization of data, creating avenues for malicious attacks. Additionally, TLS certificate validation issues, logic errors, and insufficient permission assignments are all creating points of entry for...

Search Injection in Mongoose, Insecure Serialization in Rosa Open Source, XWiki Realtime Editor Privilege Escalation and more
2025-01-30, 19 min
Week ending 16th Jan. This podcast episode delves into recent critical software vulnerabilities, breaking down their technical details and real-world implications. Topics include server-side template injection (SSTI), OAuth nonce predictability, OS command injection, and file upload vulnerabilities. The discussion explores how attackers exploit these weaknesses, the potential impact on systems and users, and best practices for mitigation. Whether you're a cybersecurity professional or just interested in software security, this episode provides valuable insights into the latest threats and defense strategies. These podcasts are auto-generated from the CVE feeds. Please use the information at your own risk.

OpenVPN Code Injection, go-git Command Injection, Perl OAuth Nonce Manipulation and more
2025-01-30, 16 min
Week ending 9th Jan. This episode dives into some of the most critical security vulnerabilities recently discovered. From web applications to network devices and authentication systems, we break down how these exploits work, their potential impact, and what can be done to mitigate them. Whether you're a security professional or just curious about the latest threats, this discussion will keep you informed. Stay ahead of the curve—tune in now! These podcasts are auto-generated from the CVE feeds. Please use the information at your own risk.