2 matches found
When Checking the Box Results in Two Zero Days and Root (CVE-2019-14257 and CVE-2019-14258)
Finding new bugs and exploiting them can be exciting and fun for a penetration tester. I was ecstatic to find my first two zero-days, and I used them to break a system from no access to root. This was a good day for me - but the story behind the story provides some real lessons enterprises can...
CVE-2019-14258
CVE-2019-14258 affects Zenoss 2.5.3 via the XML-RPC subsystem, where an XXE flaw in XML processing allows unauthenticated information disclosure on port 9988. Root cause is XXE in the XML handling of the XML-RPC subsystem. The impact is unauthenticated disclosure; no exploitation status or practi...