ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping systems safe this week. Things are moving fast. The list includes researchers...

CVE-2021-21242

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the Attachment-Support header. This Servlet does not enforce any authentication or...

Multiple Critical Vulnerabilities in Juniper Exploited in the Wild

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Multiple vulnerabilities have been discovered in Juniper Networks Junos OS, with the potential for pre-auth Remote Code Execution when chained in Juniper devices. Juniper Networks has confirmed th...

Design/Logic Flaw

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the Attachment-Support header. This Servlet does not enforce any authentication or...

CVE-2018-16763

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution...

Immunity Canvas: VBULLETIN_PREAUTH_DECODEARGUMENTS

Name| vbulletinpreauthdecodeArguments ---|--- CVE| CVE-2015-7808 Exploit Pack| CANVAS Description| vBulletin pre-auth remote code execution Notes| CVE Name: CVE-2015-7808 VENDOR: vBulletin Solutions NOTES: Tested on Ubuntu 14.04 against: - vBulletin 5.1.4 - vBulletin 5.0.4 Repeatability: Infinite...