Vulnerabilities
Vulnerability Research

F5 Big-IP TMUI RCE

Wed, 07/15/2020
On June 30th 2020, F5 disclosed a Remote Code Execution (RCE) (CVE-2020-5902) vulnerability in their Traffic Management User Interface (TMUI), also referred to as the Configuration Utility. The directory traversal vulnerability can allow execution of system commands, as well as reading and writing of files and execution of arbitrary Java code. This vulnerability has a CVSSv3 base score of 9.8. ...
Vulnerability Management
Vulnerability Research

CVE-2020-2021 Palo Alto Networks PAN-OS: Authentication Bypass in SAML Authentication Vulnerability

Thu, 07/02/2020
CVE-2020-2021 Palo Alto Networks PAN-OSA critical severity authentication bypass vulnerability in certain configurations of Palo Alto Networks PAN-OS devices using Security Assertion Markup Language (SAML) authentication.On June 29, 2020, Palo Alto issued a security advisory for PAN-OS versions with SAML authentication enabled and the 'Validate Identity Provider Certificate' option disabled ...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in SMTP Server Listening on a Non-Default Port , a Medium Risk Vulnerability

Thu, 09/26/2019
Vulnerabilities in SMTP Server Listening on a Non-Default Port is a Medium risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:SMTP Server Listening on a Non-Default PortTest ID:8869Risk...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in DNS Bypass Firewall Rules (UDP 53) , a Low Risk Vulnerability

Wed, 09/25/2019
ContentsVital information on this issueScanning For and Finding Vulnerabilities in DNS Bypass Firewall Rules (UDP 53)Penetration Testing (Pentest) for this VulnerabilitySecurity updates on Vulnerabilities in DNS Bypass Firewall Rules (UDP 53)Disclosures related to Vulnerabilities in DNS Bypass Firewall Rules (UDP 53)Confirming the Presence of Vulnerabilities in DNS Bypass Firewall Rules (UDP 53...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in Apache Tomcat Default Error Page Version Detection , a Low Risk Vulnerability

Tue, 09/24/2019
Vulnerabilities in Apache Tomcat Default Error Page Version Detection is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:Apache Tomcat Default Error Page Version DetectionTest ID...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in TFTPd Detection , a Low Risk Vulnerability

Tue, 09/24/2019
Vulnerabilities in TFTPd Detection is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:TFTPd DetectionTest ID:2709Risk:LowCategory:Simple Network servicesType:AttackSummary:The remote...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in SMTP Authentication Methods , a Low Risk Vulnerability

Tue, 09/24/2019
Vulnerabilities in SMTP Authentication Methods is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:SMTP Authentication MethodsTest ID:13476Risk:LowCategory:Mail serversType...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in Appweb HTTP Server Version , a Low Risk Vulnerability

Tue, 09/24/2019
Vulnerabilities in Appweb HTTP Server Version is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:Appweb HTTP Server VersionTest ID:14979Risk:LowCategory:Web ServersType:AttackSummary...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in IIS Content-Location HTTP Header , a Low Risk Vulnerability

Tue, 09/24/2019
Vulnerabilities in IIS Content-Location HTTP Header is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:IIS Content-Location HTTP HeaderTest ID:1520Risk:LowCategory:Web serversType...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in SMTP Service STARTTLS Command Support , a Low Risk Vulnerability

Tue, 09/24/2019
Vulnerabilities in SMTP Service STARTTLS Command Support is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:SMTP Service STARTTLS Command SupportTest ID:11962Risk:LowCategory:Mail...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in Microsoft IIS Default Page, a Low Risk Vulnerability

Tue, 09/24/2019
What is Microsoft IIS Default Page Vulnerability?Vulnerabilities in Microsoft IIS Default Page is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:Microsoft IIS Default PageTest ID...
Vulnerability Management
Vulnerability Research

How to Find and Fix the HTTP TRACE Method XSS Vulnerability (CVE-2010-0386)

Tue, 09/24/2019
Vulnerabilities in HTTP TRACE Method XSS Vulnerability is a low-risk vulnerability that is one of the most frequently found on networks around the world. When HTTP TRACE is exploited, attackers can run a cross-site scripting attack on servers. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely. About...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in FTP Clear Text Authentication, a Low Risk Vulnerability

Tue, 09/24/2019
Vulnerabilities in FTP Clear Text Authentication is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:FTP Clear Text AuthenticationTest ID:11278Risk:LowCategory:FTP serversType...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in IIS Allows BASIC and/or NTLM Authentication, a Low Risk Vulnerability

Tue, 09/24/2019
Vulnerabilities in IIS Allows BASIC and/or NTLM Authentication is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:IIS Allows BASIC and/or NTLM AuthenticationTest ID:2658Risk...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in Telnet Detection , a Low Risk Vulnerability

Tue, 09/24/2019
Vulnerabilities in Telnet Detection is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:Telnet DetectionRisk:LowCategory:Simple Network servicesType:AttackSummary:The Telnet service is...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in SNMP Protocol Version Detection , a Low Risk Vulnerability

Tue, 09/24/2019
Vulnerabilities in SNMP Protocol Version Detection is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:SNMP Protocol Version DetectionTest ID:11468Risk:LowCategory:SNMP servicesType...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in RPC Portmapper, a Low Risk Vulnerability

Tue, 09/24/2019
Vulnerabilities in RPC Portmapper is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:RPC PortmapperTest ID:901Risk:MediumCategory:RPC servicesType:AttackSummary:The RPC portmapper ...
Vulnerability Management
Vulnerability Research

Fixing Vulnerabilities in Windows SMB NULL Session Authentication

Tue, 09/24/2019
Vulnerability Name:NULL Session Available (SMB)Test ID:10637Risk:LowCategory:Policy ChecksType:AttackSummary:The remote host is running one of the Microsoft Windows operating systems. It was possible to log into it using a NULL session. A NULL session (no login/password) allows to get information about the remote host.Solution:Disabling Logging of Anonymous Logon Events (on Windows XP and later)...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in TCP Timestamps Retrieval , a Low Risk Vulnerability

Tue, 09/24/2019
Vulnerabilities in TCP Timestamps Retrieval is a Low risk vulnerability that is one of the most frequently found web vulnerabilities on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:TCP Timestamps RetrievalTest ID:10399Risk:LowCategory:Preliminary...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in Supported SSL Ciphers Suites, a Low Risk Vulnerability

Tue, 09/24/2019
Vulnerabilities in Supported SSL Ciphers Suites is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:Supported SSL Ciphers SuitesTest ID:9819Risk:LowCategory:Encryption and...
Vulnerability Management