SQL Injection Failure and Flaws That Allow Remote Attackers to Execute Code Remotely Have Been Patched by Vmware

This image is about VMware patching SQL injection vulnerabilities.

Blog The proof-of-concept exploit code is publicly available for a critical authentication bypass vulnerability in multiple VMware products that allows attackers to gain administrative privileges. VMware has previously released updates to the vulnerability (CVE-2022-31656, CVSS: N/A) affecting VMware Workspace ONE Access, Identity Manager and vRealize Automation. A high severity SQL injection flaw (CVE-2022-31659, CVSS: N/A) […]

Google Has Released an Update for the New Chrome Zero-Day Vulnerability

This image is about Google's update for a new Chrome zero-day vulnerability.

Blog Google has released security updates for many vulnerabilities, including the zero-day vulnerability for the Chrome browser. These defects are known to be actively exploited in the wild. Defined as a case of insufficient validation of untrusted inputs in Intents, the flaw is tracked with code CVE-2022-2856 (CVSS: N/A). The firm refrained from sharing additional […]

CISA Warning Against Active Exploitation of Palo Alto Networks’ PAN-OS Vulnerability

This image is about CISA's warning regarding the active exploitation of a Palo Alto Networks PAN-OS vulnerability.

Blog CISA added Palo Alto Networks PAN-OS to its Catalog of Known Exploited Vulnerabilities based on evidence of active exploitation This critical vulnerability is tracked with code CVE-2022-0028 (CVSS: 8.6 High). The vulnerability is the misconfiguration of a URL filtering policy. Misconfiguration of the PAN-OS URL filtering policy could allow a network-based attacker to perform […]

Iranian Threat Actor MERCURY Exploits Log4j 2 Vulnerabilities in Unpatched Systems

This image is about MERCURY exploiting Log4j 2 vulnerabilities.

Blog The Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team found that Iran-based threat actor MERCURY exploited Log4j 2 vulnerabilities in SysAid applications. The threat actor targets organizations that are all based in Israel. After gaining access, MERCURY maintains persistence, flushes credentials, and moves laterally within the targeted organization using both proprietary […]

PetitPotam (MS-EFSRPC) Exploit – CVE2021-36942

This image is about the PetitPotam (MS-EFSRPC) exploit.

Blog PetitPotam (MS-EFSRPC) Exploit – Summary PetitPotam Exploit needs Active Directory Certificate Services, specifically the default settings behind the Web Enrollment service because of this Vulnerability. Adversaries can achieve full Domain Admin (DC) takeover of a target Active Directory by using PetitPotam, which takes attention among Ransomware Gangs, they are able to use this Vulnerability […]

What is HTML Injection Vulnerability? How to Mitigate HTML Injection?

This image is about HTML injection vulnerability and mitigation.

Blog HTML Injection vulnerability is a kind of injection vulnerability as you can understand from it’s name. It allows the user to inject his/her arbitrary HTML codes to the webpage. Injection type may be stored or reflected. It looks like a Cross-site Scripting (XSS) vulnerability. Some researchers consider the HTML Injection vulnerability to be a […]

What are Multiple Apache Vulnerabilities?

This image is about multiple Apache vulnerabilities.

Blog In this article, Apache Server and its vulnerabilities, and ways to mitigate these threats will be talked about. How to find the website’s server? There are multiple tools available to find out which web server is used. The first of these is curl -I command. curl -I command is run on terminal in order […]

What Is Jquery XSS Vulnerability Version?

This image is about jQuery XSS vulnerability versions.

Blog Let’s start with what jquery and XSS are. Jquery is a library of JavaScript. It was created to facilitate the use of JavaScript on websites. It is not a separate programming language and works with JavaScript. A cross-site scripting attack (XSS) occurs when a hacker injects malicious code, usually in the form of client-side […]

What is File Upload Vulnerability?

This image is about file upload vulnerability.

Blog File upload vulnerabilities are when a web server allows users to upload files to its filesystem without sufficiently validating things like their name, type, contents, or size. Failing to properly enforce restrictions on these could mean that even a basic image upload function can be used to upload arbitrary and potentially dangerous files instead. […]

What is Weak SSL Algorithms?

This image is about weak SSL algorithms.

Blog Sensitive data must be protected when transmitted over the network. This data may include user credentials and credit card information. Servers are authenticated using digital certificates. These are SSL/TLS certificates. TLS encrypts communication between servers and web applications, such as web browsers that load a website. TLS uses one or more cipher suites to […]