Search cyberveille.decio.ch

Found 69 bookmarks

Custom sorting

Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)

On April 10, 2024, Volexity identified zero-day exploitation of a vulnerability found within the GlobalProtect feature of Palo Alto Networks PAN-OS at one of its network security monitoring (NSM) customers. Volexity received alerts regarding suspect network traffic emanating from the customer’s firewall. A subsequent investigation determined the device had been compromised. The following day, April 11, 2024, Volexity observed further, identical exploitation at another one of its NSM customers by the same threat actor.

#volexity #EN #2024 #Zero-Day #Exploitation #RCE #GlobalProtect #CVE-2024-3400

·volexity.com·Apr 13, 2024

Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)

Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks

IT security software company Ivanti has released patches to fix multiple security vulnerabilities impacting its Connect Secure and Policy Secure gateways.

#bleepingcomputer #EN #2024 #Connect-Secure #Denial-of-Service #DoS #Ivanti #Policy-Secure #RCE #Remote-Code-Execution #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Apr 4, 2024

Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks

Horde Webmail - Remote Code Execution via Email

We discovered vulnerabilities in Horde Webmail that allow an attacker to execute arbitrary code on Horde instances by having a victim open an email

#sonarsource #EN #2022 #Horde #Webmail #RCE #CVE-2022-30287

·blog.sonarsource.com·Jun 5, 2022

Horde Webmail - Remote Code Execution via Email

Exploit released for Fortinet RCE bug used in attacks, patch now

Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.

#bleepingcomputer #EN #2024 #Actively-Exploited #Exploit #Fortinet #PoC #Proof-of-Concept #RCE #Remote-Code-Execution #SQL-Injection #CVE-2023-48788

·bleepingcomputer.com·Mar 21, 2024

Exploit released for Fortinet RCE bug used in attacks, patch now

Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762

Early this February, Fortinet released an advisory for an "out-of-bounds write vulnerability" that could lead to remote code execution. The issue affected the SSL VPN component of their FortiGate network appliance and was potentially already being exploited in the wild. In this post we detail the steps we took to identify the patched vulnerability and produce a working exploit.

#assetnote #EN #2024 #exploitation #patch-diff #FortiGate #RCE #CVE-2024-21762

·assetnote.io·Mar 20, 2024

Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762

Exploiting CVE-2024-21378 – Remote Code Execution in Microsoft Outlook

Learn how NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects.

#netspi #EN #2024 #CVE-2024-21378 #RCE #vulnerability #Outlook

·netspi.com·Mar 11, 2024

Exploiting CVE-2024-21378 – Remote Code Execution in Microsoft Outlook

Horde Webmail - Remote Code Execution via Email

We discovered vulnerabilities in Horde Webmail that allow an attacker to execute arbitrary code on Horde instances by having a victim open an email

#sonarsource #EN #2022 #Horde #Webmail #RCE #CVE-2022-30287

·blog.sonarsource.com·Jun 5, 2022

Horde Webmail - Remote Code Execution via Email

45,000 Jenkins servers remain vulnerable to RCE attacks

Multiple publicly available exploits have since been published for the critical flaw

#theregister #EN #2024 #Jenkins #CVE-2024-23897 #RCE

·theregister.com·Feb 5, 2024

45,000 Jenkins servers remain vulnerable to RCE attacks

Zyxel VPN Series Pre-auth Remote Command Execution

Summary Chaining of three vulnerabilities allows unauthenticated attackers to execute arbitrary command with root privileges on Zyxel VPN firewall (VPN50, VPN100, VPN300, VPN500, VPN1000). Due to recent attack surface changes in Zyxel, the chain described below broke and become unusable – we have decided to disclose this even though it is no longer exploitable. Credit … SSD Advisory – Zyxel VPN Series Pre-auth Remote Command Execution Read More »

#ssd-disclosure #EN #2024 #Advisory #Zyxel #VPN #Series #Pre-auth #RCE

·ssd-disclosure.com·Feb 4, 2024

Zyxel VPN Series Pre-auth Remote Command Execution

Atlassian Confluence Server RCE attacks underway

If you're still running a vulnerable instance then 'assume a breach'

#theregister #en #2024 #RCE #mass-exploitation #CVE-2023-22527 #Atlassian #Confluence

·theregister.com·Jan 23, 2024

Atlassian Confluence Server RCE attacks underway

CVE-2024-21591 - Juniper J-Web OOB Write vulnerability

Juniper Networks recently patched a critical pre-authentication Remote Code Execution (RCE) vulnerability in the J-Web configuration interface across all versions of Junos OS on SRX firewalls and EX switches. Unauthenticated actors could exploit this vulnerability to gain root access or initiate Denial of Service (DoS) attacks on devices that have not been patched. Ensure your systems are updated promptly to mitigate this risk. Check for exposed J-Web configuration interfaces using this Censys Search query: services.software.uniform_resource_identifier: cpe:2.3:a:juniper:jweb:*:*:*:*:*:*:*:*. * As emphasized last year in CISA’s BOD 23-02 guidance, exposed network management interfaces continue to pose a significant risk. Restrict access to these interfaces from the public internet wherever possible.

#censys #EN #2024 #CVE-2024-21591 #Juniper #J-Web #OOB #vulnerability #RCE #exposed

·censys.com·Jan 14, 2024

CVE-2024-21591 - Juniper J-Web OOB Write vulnerability

Ivanti warns critical EPM bug lets hackers hijack enrolled devices

Ivanti fixed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers hijack enrolled devices or the core server.

#bleepingcomputer #EN #2024 #Ivanti #Ivanti-Endpoint-Manager #Ivanti-EPM #RCE #Remote-Code-Execution #CVE-2023-39336

·bleepingcomputer.com·Jan 5, 2024

Ivanti warns critical EPM bug lets hackers hijack enrolled devices

Horde Webmail - Remote Code Execution via Email

We discovered vulnerabilities in Horde Webmail that allow an attacker to execute arbitrary code on Horde instances by having a victim open an email

#sonarsource #EN #2022 #Horde #Webmail #RCE #CVE-2022-30287

·blog.sonarsource.com·Jun 5, 2022

Horde Webmail - Remote Code Execution via Email

Imperva Uncovers CVE-2023-22524, A RCE Vulnerability

Learn about a RCE vulnerability, discovered by the Imperva Red Team, identified as CVE-2023-22524, in Atlassian Companion for macOS.

#imperva #EN #2023 #RCE #vulnerability #CVE-2023-22524 #Atlassian #macOS

·imperva.com·Dec 16, 2023

Imperva Uncovers CVE-2023-22524, A RCE Vulnerability

Hackers are exploiting critical Apache Struts flaw using public PoC

Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code.

#bleepingcomputer #EN #2023 #Actively-Exploited #Apache-Struts #PoC #Proof-of-Concept #RCE #Remote-Code-Execution #CVE-2023-50164

·bleepingcomputer.com·Dec 13, 2023

Hackers are exploiting critical Apache Struts flaw using public PoC

Sophos backports RCE fix after attacks on unsupported firewalls

Sophos was forced to backport a security update for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering hackers actively exploiting the flaw in attacks.

#bleepingcomputer #En #2023 #Actively-Exploited #Firewall #RCE #Remote-Code-Execution #Security-Update #Sophos

·bleepingcomputer.com·Dec 12, 2023

Sophos backports RCE fix after attacks on unsupported firewalls

50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites.

#bleepingcomputer #EN #2023 #Backup-Migration #Code-Injection #CVE-2023-6553 #PHP #RCE #Remote-Code-Execution #WordPress

·bleepingcomputer.com·Dec 12, 2023

50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution

Atlassian has released software fixes to address four critical flaws in its software that could lead to remote code execution.

#thehackernews #EN #2023 #Atlassian #RCE #flaws #Jira #Confluence

·thehackernews.com·Dec 6, 2023

Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution

Horde Webmail - Remote Code Execution via Email

We discovered vulnerabilities in Horde Webmail that allow an attacker to execute arbitrary code on Horde instances by having a victim open an email

#sonarsource #EN #2022 #Horde #Webmail #RCE #CVE-2022-30287

·blog.sonarsource.com·Jun 5, 2022

Horde Webmail - Remote Code Execution via Email

New Microsoft Exchange zero-days allow RCE, data theft attacks

Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations.

#bleepingcomputer #EN #2023 #Microsoft #Exchange #RCE #zero-day #ZDI

·bleepingcomputer.com·Nov 4, 2023

New Microsoft Exchange zero-days allow RCE, data theft attacks

ZDI-23-1578 | Zero Day Initiative

(0Day) Microsoft Exchange ChainedSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability

#zerodayinitiative #EN #2023 #0-Day #Microsoft #Exchange #ChainedSerializationBinder #Deserialization #RCE

·zerodayinitiative.com·Nov 4, 2023

ZDI-23-1578 | Zero Day Initiative

CVE-2023-45498: RCE in VinChin Backup

CVE-2023-45498/CVE-2023-45499 advisory

#leakix #EN #2023 #advisory #RCE #VinChin #Backup #CVE-2023-45498 #CVE-2023-4549

·blog.leakix.net·Oct 27, 2023

CVE-2023-45498: RCE in VinChin Backup

Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover

SolarWinds' access controls contain five high and three critical-severity security vulnerabilities that need to be patched yesterday.

#darkreading #EN #2023 #RCE #SolarWinds #CVE-2023-35181 #CVE-2023-35183

·darkreading.com·Oct 21, 2023

Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover

Critical vulnerabilities in Exim threaten over 250k email servers worldwide | Ars Technica

Remote code execution requiring no authentication fixed. 2 other RCEs remain unpatched.

#arstechnica #EN #2023 #Exim #CVE-2023-42115 #RCE

·arstechnica.com·Oct 2, 2023

Critical vulnerabilities in Exim threaten over 250k email servers worldwide | Ars Technica

Can't Be Contained: Finding a Command Injection Vulnerability in Kubernetes

Akamai researchers discover a critical vulnerability in Kubernetes that can lead to remote code execution.

#akamai #EN #2023 #Kubernetes #command-injection #vulnerability #YAML #rce #remote-code-execution

·akamai.com·Sep 15, 2023

Can't Be Contained: Finding a Command Injection Vulnerability in Kubernetes

CVE-2023-36844 And Friends: RCE In Juniper Devices

As part of our Continuous Automated Red Teaming and Attack Surface Management technology - the watchTowr Platform - we're incredibly proud of our ability to discover nested, exploitable vulnerabilities across huge attack surfaces. Through our rapid PoC process, we enable our clients to understand if they are vulnerable to emerging

#labs.watchtowr #EN #2023 #CVE-2023-36844 #Juniper #RCE #analysis

·labs.watchtowr.com·Aug 26, 2023

CVE-2023-36844 And Friends: RCE In Juniper Devices

Horde Webmail - Remote Code Execution via Email

We discovered vulnerabilities in Horde Webmail that allow an attacker to execute arbitrary code on Horde instances by having a victim open an email

#sonarsource #EN #2022 #Horde #Webmail #RCE #CVE-2022-30287

·blog.sonarsource.com·Jun 5, 2022

Horde Webmail - Remote Code Execution via Email

chonked pt.2: exploiting cve-2023-33476 for remote code execution

second part in a two-part series going over heap overflow in MiniDLNA (CVE-2023-33476). this post provides a walkthrough of steps taken to write an exploit for this vulnerability in order to achieve remote code execution and pop a shell.

#coffinsec #EN #2023 #MiniDLNA #vulnerability #CVE-2023-33476 #rce

·blog.coffinsec.com·Jun 20, 2023

chonked pt.2: exploiting cve-2023-33476 for remote code execution

Xortigate, or CVE-2023-27997 - The Rumoured RCE That Was

When Lexfo Security teased a critical pre-authentication RCE bug in FortiGate devices on Saturday 10th, many people speculated on the practical impact of the bug. Would this be a true, sky-is-falling level vulnerability like the recent CVE-2022-42475? Or was it some edge-case hole, requiring some unusual and exotic requisite before any exposure? Others even went further, questioning the legitimacy of the bug itself. Details were scarce and guesswork was rife.

#labs.watchtowr #EN #2023 #Xortigate #XOR #RCE #CVE-2023-27997 #FortiGate #analysis

·labs.watchtowr.com·Jun 13, 2023

Xortigate, or CVE-2023-27997 - The Rumoured RCE That Was

Zero Day Initiative — CVE-2023-24941: Microsoft Network File System Remote Code Execution

In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Quinton Crist, Guy Lederfein, and Lucas Miller of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the Microsoft Network File Service (NFS). This bug was originally dis

#zerodayinitiative #EN #2023 #NFS #CVE-2023-2494 #RCE #analysis

·zerodayinitiative.com·Jun 1, 2023

Zero Day Initiative — CVE-2023-24941: Microsoft Network File System Remote Code Execution