Common Vulnerabilities & Exposures
Vulnerability 1: DotCMS Remote Code Execution Vulnerability (10.0 Critical) Description: A Remote Code Execution (RCE) vulnerability exists within DotCMS v5.2.3. An RCE attack involves an attacker executing code from an external location without, technically, physically operating on the compromised device. In DotCMS’ situation, an attacker is able to specially craft a HTTP POST request, through the […]
How a Zero Trust Approach Could Improve Your Cyber-Security
Would you say you have zero trust in your cyber security systems and processes at the moment? Or would you say you are pretty comfortable with how you are protecting your users, data and network? The latter can be achieved with what’s called a “zero-trust approach” and as you can tell, there’s a pretty big […]
Common Vulnerabilities & Exposures
Vulnerability 1: Printnightmare Windows Spooler Service (9.0 Critical) Description: The Windows Spooler Service (WSS) holds a Remote Code Execution vulnerability. The WSS is used to implement the print roles for clients and servers, by enabling each connected system to act as a print client, administrative client or print server for printer services. A remote code execution (RCE) […]
Common Vulnerabilities and Exposures August 2021
Vulnerability 1: ManageEngine ADSelfService Plus CSV Injection Vulnerability (9.3 Critical) Description: A CSV injection vulnerability lies within ManageEngine AD Self Service Plus system. A CSV injection attack involves an attacker exploiting improper validation techniques used by websites and web applications and by doing this they can execute applications and code. These types of attacks can be exploited […]
Common Vulnerabilities and Exposures – October 2022
Critical Zoho ManageEngine RCE Vulnerability On the 22nd September 2022, the US Cybersecurity and Infrastructure Security Agency (CISA) added a critical unauthenticated Remote Code Execution (RCE) vulnerability affecting Zoho ManageEngine products to their Known Exploited Vulnerabilities catalog. This vulnerability has a CVSS score of 9.8 and exploits a java deserialisation vulnerability that allows an unauthenticated […]