all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2023-35150: Arbitrary Code Injection in XWiki.org XWiki

Add to bookmarks
Aug. 23, 2023, 3:46 p.m. | Trend Micro Research Team

Zero Day Initiative - Blog www.zerodayinitiative.com

In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Simon Humbert and Lucas Miller of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the XWiki free wiki software platform. This bug was originally discovered by Michael Hamann with public Proof-of-Concept (PoC) code provided by Manuel Leduc. Successful exploitation of this vulnerability would allow an authenticated attacker to perform an arbitrary code injection on affected systems. The following is a portion of …

blog post bug code code execution code injection concept cve free injection michael micro miller org platform poc proof proof-of-concept public remote code remote code execution report research service software software platform team trend trend micro vulnerability vulnerability research wiki

Visit resource

More from www.zerodayinitiative.com / Zero Day Initiative - Blog

CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud 2 days, 13 hours ago | www.zerodayinitiative.com
abusing blog blog post bug +23
MindShaRE: Decapping Chips for Electromagnetic Fault Injection (EMFI) 1 week, 2 days ago | www.zerodayinitiative.com
attack automotive blog blog post +12
The May 2024 Security Update Review 2 weeks, 4 days ago | www.zerodayinitiative.com
adobe blog post can check +16
CVE-2024-21115: An Oracle VirtualBox LPE Used to Win Pwn2Own 3 weeks, 2 days ago | www.zerodayinitiative.com
april blog blog post bug +18
CVE-2024-2887: A Pwn2Own Winning Bug in Google Chrome 4 weeks, 2 days ago | www.zerodayinitiative.com
blog blog post browsers bug +20
CVE-2024-20697: Windows Libarchive Remote Code Execution Vulnerability 1 month, 2 weeks ago | www.zerodayinitiative.com
amp blog post bug code +25
The April 2024 Security Updates Review 1 month, 3 weeks ago | www.zerodayinitiative.com
adobe april blog post can +12
Pwn2Own Vancouver 2024 - Day Two Results 2 months, 1 week ago | www.zerodayinitiative.com
blog post chrome edge event +10
Pwn2Own Vancouver 2024 - Day One Results 2 months, 1 week ago | www.zerodayinitiative.com
blog blog post browser day one +11

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com