EPISODE · Oct 18, 2022 · 25 MIN
[bounty] GitHub to GitLab RCE and a new PHP Supply Chain Attack
from Day[0] · host dayzerosec
This week we look at a insecure deserialization (GitLab), argument injection (Packagist), and insecure string interpolation (Apache Commons Text) Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/159.html [00:00:00] Introduction [00:01:01] New reward system to accelerate learning and growth on Detectify [00:04:33] RCE via github import [00:11:27] Securing Developer Tools: A New Supply Chain Attack on PHP [00:17:32] FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive [CVE-2022-40684] [00:23:08] Apache Commons Text Interpolation leading to potential RCE [CVE-2022-42889]
What this episode covers
This week we look at a insecure deserialization (GitLab), argument injection (Packagist), and insecure string interpolation (Apache Commons Text) Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/159.html [00:00:00] Introduction [00:01:01] New reward system to accelerate learning and growth on Detectify [00:04:33] RCE via github import [00:11:27] Securing Developer Tools: A New Supply Chain Attack on PHP [00:17:32] FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive [CVE-2022-40684] [00:23:08] Apache Commons Text Interpolation leading to potential RCE [CVE-2022-42889]
NOW PLAYING
[bounty] GitHub to GitLab RCE and a new PHP Supply Chain Attack
No transcript for this episode yet
Similar Episodes
Sep 22, 2023 ·20m
Sep 22, 2023 ·20m
Sep 22, 2023 ·27m
Sep 22, 2023 ·14m
Sep 22, 2023 ·24m
Sep 22, 2023 ·22m