Technical details for CVE-2024-20767 (ColdFusion Arbitrary File System Read) from APSB24-14 have now been publicly disclosed by the researcher who reported it to Adobe PSIRT: https://jeva.
Last week's Adobe ColdFusion security update disabled searchImplicitScopes by default.
From: Pete Freitag's Homepage
Last week's Adobe ColdFusion security update disabled searchImplicitScopes by default.
From: Pete Freitag's Homepage
Last week, researchers at Sprocket Security wrote about post-exploitation in Lucee via malicious extensions.
Last week, researchers at Sprocket Security wrote about post-exploitation in Lucee via malicious extensions.
While many junior Devs struggle with code reviews, both when performing and receiving them, I've found that even the more senior team members sometimes struggle with comments left on their code.
While many junior Devs struggle with code reviews, both when performing and receiving them, I've found that even the more senior team members sometimes struggle with comments left on their code.
Adobe has published a ColdFusion Security Hotfix APSB24-14 today which describes "a critical vulnerability that could lead to arbitrary file system read".
From: Pete Freitag's Homepage
Adobe has published a ColdFusion Security Hotfix APSB24-14 today which describes "a critical vulnerability that could lead to arbitrary file system read".
From: Pete Freitag's Homepage
Yesterday around mid-day, mikevdv.
Yesterday around mid-day, mikevdv.
Next Tuesday is Adobe Patch Tuesday.
Next Tuesday is Adobe Patch Tuesday.
Remember the days that Apple used to pitch itself as David in the David and Goliath stories? Well, over the years, the tables have turned as safari has become like the IE of Old. Apple, in a short number of days, are going to intentionally kill off PWA support.
Remember the days that Apple used to pitch itself as David in the David and Goliath stories? Well, over the years, the tables have turned as safari has become like the IE of Old. Apple, in a short number of days, are going to intentionally kill off PWA support.
I recently saw a ColdFusion question about verifyClient and remote CFC functions.
I recently saw a ColdFusion question about verifyClient and remote CFC functions.
Did you miss the Adobe ColdFusion Summit in Las Vegas last year? Still bummed about missing all the rad content? You're in luck! Adobe is currently running the ColdFusion Online Summit 2024 -- it's the same (I think) sessions that were done in Las Vegas, but on line so you can watch from the c...
From: South of Shasta: Software Development, Web Design, Training
Did you miss the Adobe ColdFusion Summit in Las Vegas last year? Still bummed about missing all the rad content? You're in luck! Adobe is currently running the ColdFusion Online Summit 2024 -- it's the same (I think) sessions that were done in Las Vegas, but on line so you can watch from the c...
From: South of Shasta: Software Development, Web Design, Training
Last week, Harsh Jaiswal and Rahul Maini from ProjectDiscovery released some impressive security research on multiple vulnerabilities in Lucee (and Mura CMS and Masa CMS).
Last week, Harsh Jaiswal and Rahul Maini from ProjectDiscovery released some impressive security research on multiple vulnerabilities in Lucee (and Mura CMS and Masa CMS).
