Overview • Platform and Vulnerable Versions: Affects all platforms running impacted versions of OpenSSL. • Type of Vulnerability: Sensitive data leakage via RAM memory. • Risk Severity (CVSSv3): High, with a CVSS score of 7.5. • Cause: A coding bug within the OpenSSL library. Technical Description The Heartbleed vulnerability (CVE-2014-0160) is a critical flaw…
Overview • Vulnerable Platform: Windows Server • Vulnerable Versions: 2012 through 2024 • Security Patch Release Date: May 14, 2024 • Type of Vulnerability: Remote Code Execution (RCE) • Risk Severity (CVSSv3): Critical, with a CVSS score of 9.8 • Usage Status: Proof-of-Concept (PoC) released Technical Description CVE-2024-4358 is a critical vulnerability affecting Progress…
Overview Vulnerable Platform: Windows Server Vulnerable Versions: 2000 to 2025 Security Patch Release Date: July 09, 2024 Vulnerability Type: Remote Code Execution (RCE) Risk Level (CVSSv3): Critical (9.8) Exploit Status: Proof of Concept (PoC) Released Technical Description The CVE-2024-38077 vulnerability is a critical Remote Code Execution (RCE) flaw in the Windows Remote Desktop Licensing…
Overview Vulnerable Platform: OpenSSH’s server (sshd) Vulnerable Versions: 8.5p1 to 9.7p1 Patch Release Date: July 11, 2024 Vulnerability Type: Remote Code Execution (RCE) CVSSv3 Score: 8.1 (High) Exploit Status: Proof of Concept (POC) released; no successful exploitation observed in the wild. Technical Description CVE-2024-6387 is a critical Remote Code Execution (RCE) vulnerability identified…
Overview Vulnerability Type: Remote Code Execution (RCE) Danger Level: Critical (CVSSv3: 9.8) Vulnerable Platform: Microsoft Windows Security Patch Submission Date: 12 June 2024 Vulnerable Versions: All versions of Windows Server, Windows 10, and Windows 11 Usage Status: Proof of Concept (PoC) Technical Description A critical flaw in Microsoft Message Queuing (MSMQ) was fixed in Microsoft’s…
Overview Vulnerable platform: Microsoft Windows Vulnerable versions: All versions Security patch submission date: August 8, 2023 Vulnerability type: Remote Code Execution CVSSv3 threat level: High 8.3 Usage Status: Active (being exploited by intruders) Technical Descriptions: Microsoft has recently addressed a significant number of security flaws in their July 2023 security updates. These updates aim…
Exploit introduction Vulnerable versions: All systems running versions 1.5 to 1.9 of the Apache Commons Text tool are vulnerable to CVE-2022-42889 (text4shell). Vulnerability Type: Remote Code Execution (RCE) The cause of the vulnerability: the existence of a logical bug in the StringSubstituter class. Introduction Apache Commons Text is a Java library known as a…
Introducing the exploit CVE-2022–41040 Vulnerability Score: 6.3 Vulnerability Type: SSRF CVE-2022–41082 Vulnerability Score: 8.8 Vulnerability type: RCE Vulnerable platform: Windows Server 2012, 2016, and 2019 Date of last security patch provided: 08-11-2022 Introduction The generality of this vulnerability is similar to the proxyshell vulnerability for 2021 and includes the following 3 cves: CVE-2021-34473 (KB5001779)…
Introducing the exploit Proxy Shell A general term for 3 Exchange Server vulnerabilities, with the identifiers: CVE-2021-34473: Microsoft Exchange Server Remote Code Execution CVE-2021-34523: Microsoft Exchange Server Elevation of Privilege CVE-2021-31207: Microsoft Exchange Server Security Feature Bypass Vulnerability Vulnerable platform: Microsoft Exchange servers Exchange 2013 CU23 < 15.0.1497.15 Exchange 2016 CU19 < 15.1.2176.12, Exchange 2016…
Introduction Introducing WPAD Web Proxy Auto-Discovery or WPAD provides organizations with a way to automatically configure a proxy server on the system; This feature means that you don’t need to set it manually in the organization. Introduction of NetBIOS and NetBIOS Name NetBIOS is a program that enables the communication between different computers within a…