#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
Maximizing Efficiency and Security in Government Cloud Environments

Directory Traversal | Breaking Cybersecurity News | The Hacker News

Category — Directory Traversal
HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass

HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass

Jun 04, 2025 Vulnerability / DevOps
Hewlett Packard Enterprise (HPE) has released security updates to address as many as eight vulnerabilities in its StoreOnce data backup and deduplication solution that could result in an authentication bypass and remote code execution. "These vulnerabilities could be remotely exploited to allow remote code execution, disclosure of information, server-side request forgery, authentication bypass, arbitrary file deletion, and directory traversal information disclosure vulnerabilities," HPE said in an advisory. This includes a fix for a critical security flaw tracked as CVE-2025-37093, which is rated 9.8 on the CVSS scoring system. It has been described as an authentication bypass bug affecting all versions of the software prior to 4.3.11. The vulnerability, along with the rest, was reported to the vendor on October 31, 2024. According to the Zero Day Initiative (ZDI), which credited an anonymous researcher for discovering and reporting the shortcoming, said the problem is...
Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal

Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal

Aug 02, 2024 Vulnerability / Network Security
Enterprise Resource Planning (ERP) Software is at the heart of many enterprising supporting human resources, accounting, shipping, and manufacturing. These systems can become very complex and difficult to maintain. They are often highly customized, which can make patching difficult. However, critical vulnerabilities keep affecting these systems and put critical business data at risk.  The SANS Internet Storm Center published a report showing how the open-source ERP framework OFBiz is currently the target of new varieties of the Mirai botnet. As part of its extensive project portfolio, the Apache Foundation supports OFBiz , a Java-based framework for creating ERP (Enterprise Resource Planning) applications. OFBiz appears to be far less prevalent than commercial alternatives. However, just as with any other ERP system, organizations rely on it for sensitive business data, and the security of these ERP systems is critical. In May this year, a critical security update was releas...
CISA Warns of Actively Exploited Apache Flink Security Vulnerability

CISA Warns of Actively Exploited Apache Flink Security Vulnerability

May 23, 2024 Threat Intelligence / Vulnerability,
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday  added  a security flaw impacting Apache Flink, an open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. Tracked as  CVE-2020-17519 , the issue relates to a case of improper access control that could allow an attacker to read any file on the local filesystem of the JobManager through its REST interface. This also means that a remote unauthenticated attacker could send a specially crafted directory traversal request that could permit unauthorized access to sensitive information. The vulnerability, which impacts Flink versions 1.11.0, 1.11.1, and 1.11.2, was  addressed  in January 2021 in versions 1.11.3 or 1.12.0. The exact nature of the attacks exploiting the flaw is presently unknown, although Palo Alto Networks Unit 42 warned of exte...
cyber security

Navigating the Maze: How to Choose the Best Threat Detection Solution

websiteSygniaThreat Detection / Cybersecurity
Discover how to continuously protect your critical assets with the right MDR strategy. Download the Guide.
cyber security

Phishing Response Automation Playbook: Reduce Security Analysts' Time on Phishing Alerts

websiteUnderdefensePhishing Protection / Incident Response
Automate your phishing detection and response: from identifying phishing emails to conducting impact analysis and remediation. This playbook includes a phishing response checklist and a step-by-step guide for handling detected phishing emails.
Expert Insights Articles Videos
Cybersecurity Resources