19 matches found
Ivanti Connect Secure - XXE
Ivanti Connect Secure is vulnerable to XXE (XML External Entity) injection. id: CVE-2024-22024 info: name: Ivanti Connect Secure - XXE author: watchTowr severity: high description: | Ivanti Connect Secure is vulnerable to XXE (XML External Entity) injection. impact: | Successful exploitation of this...
SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release
A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch. The vulnerability, which currently does not have a CVE identifier, is tracked by watchTowr Labs as WT-2026-0001. It was patched by SmarterTools on...
PT-2025-35314
Name of the Vulnerable Software and Affected Versions: Sitecore Experience Manager (XM) versions 9.0 through 9.3, 10.0 through 10.4; Sitecore Experience Platform (XP) versions 9.0 through 9.3, 10.0 through 10.4. Description: This issue involves the use of externally-controlled input to select classes o...
Exploit for Unrestricted Upload of File with Dangerous Type in Cleo Harmony
CVE-2024-50623 Cleo Unrestricted file upload and download PoC...
Exploit for Path Traversal in Mitel Micollab
CVE-2024-41713 Mitel MiCollab Authentication Bypass to Arbitr...
About Remote Code Execution – FortiManager “FortiJump” (CVE-2024-47575) vulnerability
About Remote Code Execution - FortiManager "FortiJump" (CVE-2024-47575) vulnerability. FortiManager is a centralized solution for configuring, enforcing policies, updating, and monitoring Fortinet network devices. The vulnerability was released on October 23. A missing authentication for critical...
Exploit for Deserialization of Untrusted Data in Veeam Veeam_Backup_&_Replication
CVE-2024-40711 Exploit for Veeam backup and Replication Pre-A...
Exploit for OS Command Injection in Php
CVE-2024-4577 A Proof of Concept developed by @watchTowrhtt...
Exploit for OS Command Injection in Php
CVE-2024-4577 A Proof of Concept developed by @watchTowrhtt...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware
Exploit for CVE-2024-24919 Description This Python script...
QNAP Patches New Flaws in QTS and QuTS hero Impacting NAS Appliances
Taiwanese company QNAP has rolled out fixes for a set of medium-severity flaws impacting QTS and QuTS hero, some of which could be exploited to achieve code execution on its network-attached storage (NAS) appliances. The issues, which impact QTS 5.1.x and QuTS hero h5.1.x, are listed below -...
Exploit for Classic Buffer Overflow in Qnap Qts
Exploit for Classic Buffer Overflow in Qnap Qts
CVE-2024-27130 A Proof of Concept developed by @watchTow...
Exploit for Improper Input Validation in Paloaltonetworks Pan-Os
CVE-2024-3400 PoC for educational purposes only. only use on...
Exploit for HTTP Request Smuggling in Apache Http_Server
CVE-2022-26377 A Proof of Concept developed by @watchTowr to...
Warning: New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA Gateways
Ivanti has alerted customers of yet another high-severity security flaw in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow attackers to bypass authentication. The issue, tracked as CVE-2024-22024, is rated 8.3 out of 10 on the CVSS scoring system. "An XML external enti...
Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws
Juniper Networks has released out-of-band updates to address high-severity flaws in SRX Series and EX Series that could be exploited by a threat actor to take control of susceptible systems. The vulnerabilities, tracked as CVE-2024-21619 and CVE-2024-21620, are rooted in the J-Web component and...
Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits - Act Now
Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE). "The two issues are fundamentally the same but exploitable at differen...
Exploit for Improper Authentication in Ivanti Connect_Secure
CVE-2023-46805 Scanner CVE-2023-46805 Scanner for possible...