Penetration Testing

FEBRUARY 16, 2024

Of the five disclosed flaws, three carry the potential for unauthenticated remote code execution – meaning... The post CVE-2024-23476 & 23479: Pre-Authentication RCE Flaws Found in SolarWinds ARM appeared first on Penetration Testing.

Authentication 111

Authentication Penetration Testing Software 111

Penetration Testing

MARCH 13, 2024

These security updates address five vulnerabilities, including potential remote code execution, unauthorized data access, and improper authentication... The post CVE-2024-27135: Apache Pulsar Remote Code Execution Vulnerability appeared first on Penetration Testing.

Penetration Testing 135

Penetration Testing Authentication Software 135

Penetration Testing

NOVEMBER 7, 2024

Veeam recently disclosed a new security vulnerability, tracked as CVE-2024-40715, that impacts Veeam Backup Enterprise Manager. this flaw is classified as a high-severity vulnerability,... The post CVE-2024-40715: Authentication Bypass Threat in Veeam Backup Enterprise Manager appeared first on Cybersecurity News.

Backups 112

Backups Authentication Cybersecurity 112

Penetration Testing

MARCH 28, 2024

Security researchers have uncovered a serious vulnerability in Okta Verify for Windows, a popular multifactor authentication (MFA) app. This flaw rated 7.1

Penetration Testing 130

Penetration Testing Authentication 130

Penetration Testing

FEBRUARY 9, 2024

Dubbed CVE-2024-22394, this vulnerability exposes... The post CVE-2024-22394 Exposed: SonicWall SSL-VPN’s Authentication Flaw appeared first on Penetration Testing.

Authentication 90

Authentication Penetration Testing VPN 90

Penetration Testing

FEBRUARY 20, 2024

VMware has released an urgent security advisory regarding two critical vulnerabilities within its now-deprecated Enhanced Authentication Plug-in (EAP).

Penetration Testing 110

Penetration Testing Authentication 110

Penetration Testing

FEBRUARY 29, 2024

A high-severity security vulnerability (CVE-2024-1468, CVSS score 8.8) This vulnerability allows authenticated attackers with contributor-level permissions or higher to upload arbitrary... The post Urgent Security Alert: Avada WordPress Theme Vulnerability (CVE-2024-1468) appeared first on Penetration Testing.

Penetration Testing 115

Penetration Testing Authentication 115

Penetration Testing

MARCH 29, 2024

A severe backdoor vulnerability (designated CVE-2024-3094) has been unearthed in versions 5.6.0 This vulnerability could allow attackers to bypass SSH authentication on certain Linux... The post CVE-2024-3094 (CVSS 10): Backdoor Flaw Discovered in Popular Linux Compression Tool appeared first on Penetration Testing.

Penetration Testing 117

Penetration Testing Authentication 117

Penetration Testing

MARCH 8, 2024

The... The post CVE-2024-21899 (CVSS 9.8): Critical QNAP Flaw Opens Door to Hackers appeared first on Penetration Testing. These vulnerabilities, if left unaddressed, could provide attackers with various avenues for compromising affected devices. What’s the Risk?

Penetration Testing 135

Penetration Testing Software Risk Authentication 135

Penetration Testing

SEPTEMBER 6, 2024

Red Hat has issued a critical security advisory warning of an authentication bypass vulnerability (CVE-2024-7923) in Pulpcore, a content management system used in Red Hat Satellite deployments.

Authentication 121

Authentication Cybersecurity 121

Penetration Testing

MARCH 6, 2024

Akamai security researcher Tomer Peled recently unveiled the technical detail and proof-of-concept (PoC) for a vulnerability within Microsoft Themes (CVE-2024-21320). This vulnerability, with a CVSS score of 6.5,

Penetration Testing 111

Penetration Testing Authentication 111

Penetration Testing

MARCH 18, 2024

Spring Security, a widely used framework for securing Java-based applications, has a serious vulnerability that could allow attackers to bypass authentication and gain unauthorized access to sensitive systems.

Penetration Testing 111

Penetration Testing Authentication 111

Penetration Testing

OCTOBER 26, 2024

A critical authentication bypass vulnerability has been discovered in wpDiscuz, a widely used WordPress plugin with over 80,000 active installations.

Authentication 108

Authentication Risk Cybersecurity 108

Penetration Testing

MARCH 5, 2024

HashiCorp’s Vault, a popular tool for securely managing sensitive data, contains a vulnerability (CVE-2024-2048, CVSS 8.1) that could allow attackers to bypass authentication and gain unauthorized access to your organization’s most valuable secrets.

Penetration Testing 97

Penetration Testing Risk Authentication 97

Penetration Testing

MAY 7, 2024

Attackers are weaponizing two critical vulnerabilities, CVE-2023-46805 (authentication bypass) and CVE-2024-21887... The post Mirai Botnet Exploits Ivanti Vulnerabilities (CVE-2023-46805 & CVE-2024-21887) appeared first on Penetration Testing.

Penetration Testing 96

Penetration Testing Authentication Malware 96

Penetration Testing

JUNE 4, 2024

The advisory details a critical vulnerability, CVE-2024-4332, that could allow unauthenticated attackers to bypass authentication... The post Tripwire Enterprise Faces Critical Authentication Bypass Flaw (CVE-2024-4332) appeared first on Penetration Testing.

Authentication 71

Authentication Penetration Testing Cybersecurity 71

Penetration Testing

APRIL 30, 2024

SonicWall has released a security patch for its Global Management System (GMS) software, addressing two vulnerabilities that could be exploited by attackers to gain unauthorized access to sensitive data (CVE-2024-29010) and bypass authentication mechanisms... The post SonicWall Patches GMS Flaws to Block Data Breaches and Bypass Attacks (..)

Data breaches 117

Data breaches Penetration Testing Authentication Software 117

Penetration Testing

FEBRUARY 20, 2024

A recently disclosed vulnerability in Spring Security (CVE-2024-22234, CVSS 7.4) could lead to unauthorized access within affected Java web applications.

Penetration Testing 87

Penetration Testing Authentication 87

Penetration Testing

SEPTEMBER 27, 2024

Cybersecurity firm RedTeam Pentesting GmbH has disclosed two critical vulnerabilities, CVE-2024-6592 and CVE-2024-6593, in WatchGuard’s Authentication Gateway (also known as Single Sign-On Agent) and Single Sign-On Client software, potentially impacting... The post Critical WatchGuard Vulnerabilities Discovered: CVE-2024-6592 and (..)

Authentication 115

Authentication Software Cybersecurity 115

Penetration Testing

JUNE 27, 2024

In a recent cybersecurity advisory, Juniper Networks disclosed a critical vulnerability identified as CVE-2024-2973, which has earned a severity rating of 10 on the CVSS scale.

Authentication 95

Authentication Cybersecurity 95

Penetration Testing

DECEMBER 16, 2024

Tracked as CVE-2024-55661, this vulnerability could allow authenticated... The post CVE-2024-55661: RCE Vulnerability Discovered in Laravel Pulse Monitoring Tool appeared first on Cybersecurity News.

Authentication 104

Authentication Cybersecurity 104

Penetration Testing

SEPTEMBER 1, 2024

Researcher Sina Kheirkhah of the Summoning Team has published the technical details and a proof-of-concept (PoC) exploit for a critical vulnerability, identified as CVE-2024-6670, affecting Progress Software’s WhatsUp Gold.

Authentication 82

Authentication Cybersecurity Software 82

Penetration Testing

OCTOBER 3, 2024

A high-severity vulnerability, CVE-2024-9313 ((CVSS 8.8)), has been discovered in Authd, an authentication daemon used for secure identity and access management in Ubuntu machines.

Authentication 111

Authentication Cybersecurity 111

Penetration Testing

SEPTEMBER 6, 2024

IBM has issued a critical security advisory for its webMethods Integration Server, revealing multiple vulnerabilities that could allow authenticated users to execute arbitrary commands, escalate privileges, and access sensitive files....

Authentication 121

Authentication Cybersecurity 121

Penetration Testing

SEPTEMBER 5, 2024

OpenStack’s Ironic project, which provisions bare metal machines, has been found vulnerable to a critical security flaw (CVE-2024-44082) that could allow authenticated users to exploit unvalidated image data.

Authentication 110

Authentication Cybersecurity 110

Penetration Testing

DECEMBER 25, 2024

The Apache Software Foundation has disclosed a critical vulnerability, CVE-2024-43441, affecting Apache HugeGraph-Server, a widely used open-source graph database system.

Authentication 68

Authentication Software Cybersecurity 68

NetSpi Technical

MARCH 11, 2024

In 2023 NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects. This blog will cover how we discovered CVE-2024-21378 and weaponized it by modifying Ruler , an Outlook penetration testing tool published by SensePost.

Authentication 145

Authentication Penetration Testing Technology Phishing 145

Penetration Testing

AUGUST 11, 2024

In a recent security advisory, the FreeBSD Project disclosed a critical vulnerability (CVE-2024-7589) in OpenSSH, the widely-used implementation of the SSH protocol suite.

Authentication 75

Authentication Cybersecurity 75

Penetration Testing

SEPTEMBER 17, 2024

The flaw, identified as CVE-2024-45409, carries a CVSS... The post GitLab Releases Critical Security Patch for CVE-2024-45409 (CVSS 10) Vulnerability appeared first on Cybersecurity News.

Cybersecurity 130

Cybersecurity Authentication 130

Penetration Testing

MAY 29, 2024

A critical vulnerability (CVE-2024-4358) has been discovered in Progress Telerik Report Server, a popular report management solution used by organizations worldwide. out of 10), could... The post CVE-2024-4358: Critical Authentication Bypass Flaw Discovered in Progress Telerik Report Server appeared first on Penetration Testing.

Authentication 52

Authentication Penetration Testing 52

Penetration Testing

APRIL 18, 2024

Cisco customers are facing an increased risk of attack as publicly accessible exploit code has emerged for CVE-2024-20356, a critical vulnerability in Cisco’s Integrated Management Controller (IMC).

Penetration Testing 86

Penetration Testing Authentication Risk 86

Penetration Testing

APRIL 18, 2024

Keycloak, a widely used open-source solution for authentication and authorization, has released important security updates addressing multiple vulnerabilities.

DDOS 110

DDOS Penetration Testing Risk Authentication 110

Penetration Testing

FEBRUARY 20, 2024

In a chilling development, ConnectWise issued a critical security advisory on February 19, 2024, exposing two gaping security vulnerabilities in its popular ScreenConnect remote access software.

Penetration Testing 87

Penetration Testing Authentication Software 87

Penetration Testing

JULY 31, 2024

A severe security vulnerability, identified as CVE-2024-41667 and rated with a CVSS score of 8.8, This flaw allows remote attackers to... The post CVE-2024-41667: OpenAM Vulnerability Exposes Authentication Systems to Critical Risk appeared first on Cybersecurity News.

Authentication 68

Authentication Risk Cybersecurity 68

Penetration Testing

OCTOBER 28, 2024

Designated as CVE-2024-46483, this pre-authentication... The post CVE-2024-46483 (CVSS 9.8): Xlight FTP Server Flaw Leaves Users Exposed to Remote Attacks, PoC Published appeared first on Cybersecurity News.

Authentication 98

Authentication Cybersecurity 98

Penetration Testing

NOVEMBER 21, 2024

The vulnerabilities, identified as CVE-2024-10126 and CVE-2024-10127, could allow attackers... The post CVE-2024-10126 & CVE-2024-10127: M-Files Addresses File Inclusion and Authentication Bypass Flaws appeared first on Cybersecurity News.

Authentication 63

Authentication Software Cybersecurity 63

Penetration Testing

MARCH 14, 2024

These flaws could allow attackers to bypass authentication mechanisms,... The post Critical Vulnerabilities in Arcserve UDP Software Demand Urgent Action appeared first on Penetration Testing.

Software 102

Software Penetration Testing Backups Authentication 102