Static Security Vulnerability Scanning of Proprietary and Open-Source Software: an Adaptable Process with Variants and Results

Software vulnerabilities remain a significant risk factor in achieving security objectives within software development organizations. This is especially true where either proprietary or open-source software OSS is included in the technological environment. In this paper an end-to-end process with...

Exploit for Code Injection in Crushftp

CVE-2024-4040-CrushFTP-server CrushFTP is a proprietary multi...

Exploit for CVE-2022-1966

It is an exploit module for a vulnerability in a proprietary sof...

Millions of Java Apps Remain Vulnerable to Log4Shell

Four months after the discovery of the zero-day Log4Shell critical flaw, millions of Java applications still remain vulnerable to compromise, researchers have found. Rezilion expected that due to the “massive amount of media coverage” the bug unsurprisingly received, the majority of applications...

Vulnerability Remediation: It’s Not Just Patching

Vulnerability does not equal a patch, as such remediating a detected vulnerability requires deploying the right patches and, in some cases, making the right configuration changes. Using multiple tools to detect, map and deploy the right remediation actions is time consuming and will result in les...

Multiple Open Source Web App Vulnerabilities Fixed

Today, Rapid7 is disclosing 9 vulnerabilities that affect 3 open-source projects: EspoCRM, Pimcore, and Akaunting. Right out of the gate, I'd like to give a special thanks to these 3 open-source project maintainers. While it's never great to learn of new vulnerabilities in your own product, all 3...

CyberArk 9.7 - Memory Disclosure

Exploit Title: CyberArk 9.7 - Memory Disclosure Date: 2018-06-04 Exploit Author: Thomas Zuk @Freakazoidile Vendor Homepage: https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/ Version: 9.7 and 10 Tested on: Windows 2008, Windows 2012, Windows 7, Windo...

CyberArk 9.7 - Memory Disclosure Exploit

Exploit Title: CyberArk 9.7 - Memory Disclosure Exploit Author: Thomas Zuk @Freakazoidile Vendor Homepage: https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/ Version: 9.7 and 10 Tested on: Windows 2008, Windows 2012, Windows 7, Windows 8, Windows 10...

CyberArk < 10 - Memory Disclosure

Exploit Title: CyberArk 10 - Memory Disclosure Date: 2018-06-04 Exploit Author: Thomas Zuk Vendor Homepage: https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/ Version: 9.7 and 10 Tested on: Windows 2008, Windows 2012, Windows 7, Windows 8, Windows 10...

CyberArk 10 - Memory Disclosure

CyberArk 10 - Memory Disclosure Exploit Title: CyberArk 10 - Memory Disclosure Date: 2018-06-04 Exploit Author: Thomas Zuk Vendor Homepage: https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/ Version: 9.7 and 10 Tested on: Windows 2008, Windows 2012,...

CyberArk < 10 - Memory Disclosure Exploit

Exploit for linux platform in category remote exploits Exploit Title: CyberArk 10 - Memory Disclosure Exploit Author: Thomas Zuk Vendor Homepage: https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/ Version: 9.7 and 10 Tested on: Windows 2008, Windows...

CyberArk Memory Disclosure

Exploit Title: CyberArk 10 - Memory Disclosure Date: 2018-06-04 Exploit Author: Thomas Zuk Vendor Homepage: https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/ Version: 9.7 and 10 Tested on: Windows 2008, Windows 2012, Windows 7, Windows 8, Windows 10...

Why you can’t update it all at once?

It’s the second part of our talk with Daniil Svetlov at his radio show “Safe Environment” recorded 29.03.2017. In this part we talk about vulnerabilities in Linux and proprietary software, problems of patch an vulnerability management, and mention some related compliance requirements. Video with...

AfterLogic WebMail Lite Authentication Bypass

AfterLogic WebMail Lite is a free web-based IMAP and SMTP email-client with Ajax interface. AfterLogic WebMail Lite is available for both PHP and ASP.NET platforms. The version of AfterLogic WebMail Lite that is written in PHP is free and open-source software subject to the terms of the Affero...

After Logic Mail - Remote Admin Takeover (All versions)

AfterLogic WebMail Lite is a free web-based IMAP and SMTP email-client with Ajax interface. AfterLogic WebMail Lite is available for both PHP and ASP.NET platforms. The version of AfterLogic WebMail Lite that is written in PHP is free and open-source software subject to the terms of the Affero...

Backdoor found in Samsung Galaxy Devices, allows Hackers to remotely access/modify Data

Google’s Android operating system may be open source, but the version of Android that runs on most phones, tablets, and other devices includes proprietary, closed-source components. Phone makers, including Samsung ships its Smartphones with a modified version of Android, with some pre-installed...