Calenderweek 40 – WafdogBlog

Hackers can attack Cloudflare customers through Cloudflare

Attacker can bypass protective measures like WAF or DDoS protection through their own Cloudflare accounts. Stefan Proksch, a security expert from Certitude, an IT consulting company in Vienna, recently discovered vulnerabilities in Cloudflare’s cross-tenant security measures. This could potentially enable attackers to circumvent protection mechanisms configured by Cloud provider customers, such as the Web Application …

Hackers can attack Cloudflare customers through Cloudflare Read More »

Exploit for critical SharePoint vulnerability has surfaced

In a recent development on the code management platform GitHub, a proof-of-concept exploit for a critical security vulnerability in Microsoft SharePoint has surfaced. This vulnerability, registered as CVE-2023-29357 and having a CVSS rating of 9.8, allows malicious actors to escalate their privileges on vulnerable servers without any authentication or user interaction. Microsoft’s Swift Response: June …

Exploit for critical SharePoint vulnerability has surfaced Read More »

Hackers are exploiting a zero-day vulnerability in Atlassian Confluence

In a recent discovery, it was found that the extremely popular Atlassian Confluence platform has a zero-day vulnerability. This alarming security flaw could potentially allow malicious actors to create administrator accounts on Confluence servers and carry out malicious actions. CVE-2023-22515: A critical privilege escalation vulnerability The vulnerability, now identified as CVE-2023-22515, has been rated by …

Hackers are exploiting a zero-day vulnerability in Atlassian Confluence Read More »

Security Vulnerability in Microsoft Office Empowers Attackers with Arbitrary Code Execution

A newly uncovered security vulnerability in Microsoft Office Word has raised concerns regarding the security of this widely used productivity suite. This security flaw has been categorized as a Cross-Site Scripting (XSS) vulnerability, which allows malicious actors to execute arbitrary JavaScript code within a Word document. This XSS vulnerability affects various Office products, including Microsoft …

Security Vulnerability in Microsoft Office Empowers Attackers with Arbitrary Code Execution Read More »