Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
8 résultats taggé Execution  ✕
Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028) https://labs.watchtowr.com/fire-in-the-hole-were-breaching-the-vault-commvault-remote-code-execution-cve-2025-34028/
25/04/2025 09:30:37
QRCode
archive.org
thumbnail

We've previously, publicly and privately, analysed vulnerabilities in various ‘Backup and Replication’ platforms, including those offered by Veeam and NAKIVO - both of which have struggled to avoid scrutiny and in some cases, even opting to patch issues silently.

However, we’re glad to see that sense prevails - kudos to NAKIVO for acknowledging CVE-2024-48248 from our previous research and publicly responding to a new XXE vulnerability (CVE-2025-32406).

Backup and Replication solutions have become prime targets for ransomware operators for logical reasons — Veeam, for instance, has already seen widespread exploitation in the wild.

watchtowr EN 2025 Commvault Remote Code Execution CVE-2025-34028
Ivanti warns of three more CSA zero-days exploited in attacks https://www.bleepingcomputer.com/news/security/ivanti-warns-of-three-more-csa-zero-days-exploited-in-attacks/
08/10/2024 18:24:32
QRCode
archive.org
thumbnail

American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks.

bleepingcomputer EN 2024 Bypass Ivanti Code Command Actively Remote Services Exploited Injection Execution Security Zero-Day CSA Cloud Appliance CVE-2024-9379 CVE-2024-9380 CVE-2024-9381
Exploiting pfsense Remote Code Execution – CVE-2022-31814 https://laburity.com/exploiting-pfsense-remote-code-execution-cve-2022-31814/
13/08/2024 13:50:49
QRCode
archive.org
thumbnail

Greetings everyone, In this write-up, we will be exploring the interesting exploitation that has been done against the pfsense CVE-2022-31814. What is pfsense? pfSense software is a FreeBSD-based operating system designed to install and configure a firewall that can be easily configured via the web interface and installed on any PC. With all of the

laburity.com en 2024 pfsense Remote Code Execution CVE-2022-31814
Critical Cisco bug lets hackers add root users on SEG devices https://www.bleepingcomputer.com/news/security/critical-cisco-bug-lets-hackers-add-root-users-on-seg-devices/amp/
19/07/2024 09:06:31
QRCode
archive.org
thumbnail

Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments.

Tracked as CVE-2024-20401, this arbitrary file write security flaw in the SEG content scanning and message filtering features is caused by an absolute path traversal weakness that allows replacing any file on the underlying operating system.

bleepingcomputer EN 2024 Code InfoSec Execution Path Gateway Denial DoS Remote Cisco RCE CVE-2024-20401 SEG
Qlik Sense Remote Code Execution Technical Exploitation - https://www.praetorian.com/blog/qlik-sense-technical-exploit/
01/12/2023 11:00:17
QRCode
archive.org
thumbnail

Deep technical details of how we combined HTTP request tunneling and path traversal vulnerabilities to permit unauthorized RCE in Qlik Sense.

praetorian EN 2023 exploit Qlik Sense Remote Code Execution technical details
CVE-2023-38146: Arbitrary Code Execution via Windows Themes https://exploits.forsale/themebleed/
14/09/2023 12:31:15
QRCode
archive.org

This is a fun bug I found while poking around at weird Windows file formats. It's a kind of classic Windows style vulnerability featuring broken signing, sketchy DLL loads, file races, cab files, and Mark-of-the-Web silliness. It was also my first experience submitting to the MSRC Windows bug bounty since leaving Microsoft in April of 2022.

exploits.forsale EN 2023 CVE-2023-38146 Arbitrary Code Execution themebleed Windows Themes
CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent
20/07/2023 11:18:06
QRCode
archive.org
thumbnail

The Qualys Threat Research Unit (TRU) has discovered a remote code execution vulnerability in OpenSSH's forwarded ssh-agent. This vulnerability allows a remote…

qualys EN 2023 OpenSSH remote code execution vulnerability ssh-agent
Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution https://www.securityjoes.com/post/process-mockingjay-echoing-rwx-in-userland-to-achieve-code-execution
27/06/2023 15:04:59
QRCode
archive.org
thumbnail

Our research team is committed to continuously identifying potential security vulnerabilities and techniques that threat actors may exploit to bypass existing security controls. In this blog post, our team is detailing on a comprehensive research specifically focused on process injection techniques utilized by attackers to deceive robust security products integrated into the security stack, such as EDRs and XDRs. Throughout the blog post, we will delve into various process injection techniques e

securityjoes EN 2023 Mockingjay EDR bypass technique RWX Code Execution
4259 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio