00:03 New ColdFusion vulnerability announced with bug bounty program implications. 01:04 ColdFusion Local File Read vulnerability on MacBook 01:55 UUID is essential for sending requests 02:50 CFC provides uu ID to access ETC password file on server 03:42 Identifying and accessing vulnerable CloudFusion instances 04:38 Identifying and exploiting vulnerabilities in ColdFusion server. 05:28 Using curl to make a request to local host 8500 and analyzing the headers 06:19 Update to prevent exploitation of ColdFusion vulnerability

Jackson Linda Rodriguez Margaret Johnson Sharon

More CVE videos please 🙏

Encase you were looking for the referenced DC26 talk: Orange Tsai - Breaking Parser Logic - kzbin.info/www/bejne/aGnbiJaImsyhmdk

The stages involved in resolving issues related to CVE-2024-20767 would typically include: 1. Discovery: The vulnerability is identified, either by a reporter or through internal testing. 2. Reporting: The reporter contacts the CVE Assignment Team or a CNA to request a CVE ID for CVE-2024-20767. 3. Evaluation: The vulnerability is evaluated to determine its severity and impact. 4. Assignment: A CVE ID is assigned to CVE-2024-20767 by the CVE Assignment Team or a CNA. 5. Documentation: The vulnerability details are documented in the MITRE glossary and analyzed by NIST. 6. Publication: The vulnerability information is listed in NIST's National Vulnerability Database (NVD) for public access. 7. Mitigation: Once the vulnerability is public, vendors and organizations work on providing patches or mitigations to address CVE-2024-20767. These stages ensure that the vulnerability is properly identified, documented, and addressed to enhance cybersecurity.

Omg 😯

To reinstall and renew security for CVE-2024-20767, you should ensure that you have the latest security updates installed for the affected software. Check the Microsoft Security Update Guide for specific details on addressing this CVE. It is recommended to regularly update your software to mitigate vulnerabilities and enhance security.

second!

Yooo 🎉

Why does the uuid header bypass the 403? I’ve not heard of an application using uuid headers for authorization before

I want to transition from a traditional office environment to a freelance security professional role. Could you give me a couple of advices? thank you.

Hello， Are you full time bug bounty ?

Thanks Nahmsec. Are you doing any content from this year's HackSpaceCon? I am super pumped for the conference!