CVE-2024-4358 Vulnerability

Overview
• Vulnerable Platform: Windows Server
• Vulnerable Versions: 2012 through 2024
• Security Patch Release Date: May 14, 2024
• Type of Vulnerability: Remote Code Execution (RCE)
• Risk Severity (CVSSv3): Critical, with a CVSS score of 9.8
• Usage Status: Proof-of-Concept (PoC) released

Technical Description
CVE-2024-4358 is a critical vulnerability affecting Progress…

CVE-2024-38077 Vulnerability

Overview
• Vulnerable Platform: Windows Server
• Vulnerable Versions: 2000 to 2025
• Security Patch Release Date: July 09, 2024
• Vulnerability Type: Remote Code Execution (RCE)
• Risk Level (CVSSv3): Critical (9.8)
• Exploit Status: Proof of Concept (PoC) Released

Technical Description
The CVE-2024-38077 vulnerability is a critical Remote Code Execution (RCE) flaw in the Windows Remote Desktop Licensing…

CVE-2024-6387 Vulnerability

Overview
• Vulnerable Platform: OpenSSH’s server (sshd)
• Vulnerable Versions: 8.5p1 to 9.7p1
• Patch Release Date: July 11, 2024
• Vulnerability Type: Remote Code Execution (RCE)
• CVSSv3 Score: 8.1 (High)
• Exploit Status: Proof of Concept (PoC) released; no successful exploitation observed in the wild.

Technical Description
CVE-2024-6387 is a critical Remote Code Execution (RCE) vulnerability identified…

CVE-2022-42889 (text4shell)

Exploit introduction
• Vulnerable versions: All systems running versions 1.5 to 1.9 of the Apache Commons Text tool are vulnerable to CVE-2022-42889 (text4shell).
• Vulnerability Type: Remote Code Execution (RCE)
• Cause of the vulnerability: a logic bug in the StringSubstitutor class.

Introduction
Apache Commons Text is a Java library known as a…

Spring Framework (Spring4Shell) Remote Code Execution Vulnerability

• ID: CVE-2022-22965
• CVSS: 9.8 of 10
• Severity: Critical
• Type: Remote Code Execution
• Error type: Parameter binding error in the “getCachedIntrospectionResults” method

Technical Explanation
Spring Core, when running on JDK 9 and later, is vulnerable to a security flaw related to an older vulnerability (CVE-2010-1622); the fixes put in place at that time are now bypassed. Spring Core is…

Microsoft Exchange Vulnerability CVE-2021-42321

• Identification: CVE-2021-42321
• CVSS: 8.8 of 10
• Risk factor: High
• Type of vulnerability: Remote code execution
• Type of bug: Incorrect authentication of command-let (cmdlet) arguments

Technical explanation
The security flaw tracked as CVE-2021-42321 impacts Exchange Server 2016 and Exchange Server 2019 and, according to Microsoft's security advisory, occurs due to the incorrect…