Vulnerabilities
Vulnerability Research

“BootHole” GRUB2 Bootloader Secure Boot Bypass

Fri, 07/31/2020
“BootHole” GRUB2 Bootloader Secure Boot BypassAs of July 29th, a buffer overflow vulnerability has been disclosed in the way that GRUB2 parses its configuration file, grub.cfg that can lead to full control over an affected system before OS boot. This bypass vulnerability has been assigned CVE-2020-10713. GRUB2 is utilized on almost all modern Linux systems, Windows systems since 2012 that...
Vulnerability Management
Vulnerability Research

F5 Big-IP TMUI RCE

Wed, 07/15/2020
On June 30th 2020, F5 disclosed a Remote Code Execution (RCE) (CVE-2020-5902) vulnerability in their Traffic Management User Interface (TMUI), also referred to as the Configuration Utility. The directory traversal vulnerability can allow execution of system commands, as well as reading and writing of files and execution of arbitrary Java code. This vulnerability has a CVSSv3 base score of 9.8. ...
Vulnerability Management
Vulnerability Research

CVE-2020-2021 Palo Alto Networks PAN-OS: Authentication Bypass in SAML Authentication Vulnerability

Thu, 07/02/2020
CVE-2020-2021 Palo Alto Networks PAN-OSA critical severity authentication bypass vulnerability in certain configurations of Palo Alto Networks PAN-OS devices using Security Assertion Markup Language (SAML) authentication.On June 29, 2020, Palo Alto issued a security advisory for PAN-OS versions with SAML authentication enabled and the 'Validate Identity Provider Certificate' option disabled ...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in SMTP Server Listening on a Non-Default Port , a Medium Risk Vulnerability

Thu, 09/26/2019
Vulnerabilities in SMTP Server Listening on a Non-Default Port is a Medium risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:SMTP Server Listening on a Non-Default PortTest ID:8869Risk...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in DNS Bypass Firewall Rules (UDP 53) , a Low Risk Vulnerability

Wed, 09/25/2019
ContentsVital information on this issueScanning For and Finding Vulnerabilities in DNS Bypass Firewall Rules (UDP 53)Penetration Testing (Pentest) for this VulnerabilitySecurity updates on Vulnerabilities in DNS Bypass Firewall Rules (UDP 53)Disclosures related to Vulnerabilities in DNS Bypass Firewall Rules (UDP 53)Confirming the Presence of Vulnerabilities in DNS Bypass Firewall Rules (UDP 53...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in Apache Tomcat Default Error Page Version Detection , a Low Risk Vulnerability

Tue, 09/24/2019
Vulnerabilities in Apache Tomcat Default Error Page Version Detection is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:Apache Tomcat Default Error Page Version DetectionTest ID...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in TFTPd Detection , a Low Risk Vulnerability

Tue, 09/24/2019
Vulnerabilities in TFTPd Detection is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:TFTPd DetectionTest ID:2709Risk:LowCategory:Simple Network servicesType:AttackSummary:The remote...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in SMTP Authentication Methods , a Low Risk Vulnerability

Tue, 09/24/2019
Vulnerabilities in SMTP Authentication Methods is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:SMTP Authentication MethodsTest ID:13476Risk:LowCategory:Mail serversType...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in Appweb HTTP Server Version , a Low Risk Vulnerability

Tue, 09/24/2019
Vulnerabilities in Appweb HTTP Server Version is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:Appweb HTTP Server VersionTest ID:14979Risk:LowCategory:Web ServersType:AttackSummary...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in IIS Content-Location HTTP Header , a Low Risk Vulnerability

Tue, 09/24/2019
Vulnerabilities in IIS Content-Location HTTP Header is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:IIS Content-Location HTTP HeaderTest ID:1520Risk:LowCategory:Web serversType...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in SLP Server Detection (udp) , a Low Risk Vulnerability

Tue, 09/24/2019
ContentsVital information on this issueScanning For and Finding Vulnerabilities in SLP Server Detection (udp)Penetration Testing (Pentest) for this VulnerabilitySecurity updates on Vulnerabilities in SLP Server Detection (udp)Disclosures related to Vulnerabilities in SLP Server Detection (udp)Confirming the Presence of Vulnerabilities in SLP Server Detection (udp)False positive/negativesPatching...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in SMTP Service STARTTLS Command Support , a Low Risk Vulnerability

Tue, 09/24/2019
Vulnerabilities in SMTP Service STARTTLS Command Support is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:SMTP Service STARTTLS Command SupportTest ID:11962Risk:LowCategory:Mail...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in Apache HTTP Server httpOnly Cookie Information Disclosure, a Low Risk Vulnerability

Tue, 09/24/2019
Vulnerabilities in Apache HTTP Server httpOnly Cookie Information Disclosure is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:Apache HTTP Server httpOnly Cookie Information...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in TTL Anomaly Detection , a Low Risk Vulnerability

Tue, 09/24/2019
Vulnerabilities in TTL Anomaly Detection is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:TTL Anomaly DetectionTest ID:2711Risk:LowCategory:Network DevicesType:AttackSummary:The...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in VMware ESX GSX Server Detection , a Low Risk Vulnerability

Tue, 09/24/2019
Vulnerabilities in VMware ESX/GSX Server Detection is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.Vulnerability Name:VMware ESX/GSX Server DetectionTest ID:9461Risk:LowCategory:Simple Network...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in SLP Detection , a Low Risk Vulnerability

Tue, 09/24/2019
ContentsVital information on this issueScanning For and Finding Vulnerabilities in SLP DetectionPenetration Testing (Pentest) for this VulnerabilitySecurity updates on Vulnerabilities in SLP DetectionDisclosures related to Vulnerabilities in SLP DetectionConfirming the Presence of Vulnerabilities in SLP DetectionFalse positive/negativesPatching/Repairing this vulnerabilityExploits related to...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in Veritas NetBackup Agent Detection, a Low Risk Vulnerability

Tue, 09/24/2019
Contents Vital information on this issue Scanning For and Finding Vulnerabilities in Veritas NetBackup Agent Detection Penetration Testing (Pentest) for this Vulnerability Security updates on Vulnerabilities in Veritas NetBackup Agent Detection Disclosures related to Vulnerabilities in Veritas NetBackup Agent Detection Confirming the Presence of Vulnerabilities in Veritas...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in Flash Cross-Domain Policy File , a Low Risk Vulnerability

Tue, 09/24/2019
ContentsVital information on this issueScanning For and Finding Vulnerabilities in Flash Cross-Domain Policy FilePenetration Testing (Pentest) for this VulnerabilitySecurity updates on Vulnerabilities in Flash Cross-Domain Policy FileDisclosures related to Vulnerabilities in Flash Cross-Domain Policy FileConfirming the Presence of Vulnerabilities in Flash Cross-Domain Policy FileFalse positive...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in Microsoft .NET Handlers Enumeration , a Low Risk Vulnerability

Tue, 09/24/2019
Contents Vital information on this issue Scanning For and Finding Vulnerabilities in Microsoft .NET Handlers Enumeration Penetration Testing (Pentest) for this Vulnerability Security updates on Vulnerabilities in Microsoft .NET Handlers Enumeration Disclosures related to Vulnerabilities in Microsoft .NET Handlers Enumeration Confirming the Presence of Vulnerabilities in...
Vulnerability Management
Vulnerability Research

Finding and Fixing Vulnerabilities in Apache HTTP Server httpOnly Cookie Information Leak , a Low Risk Vulnerability

Tue, 09/24/2019
ContentsVital information on this issueScanning For and Finding Vulnerabilities in Apache HTTP Server httpOnly Cookie Information LeakPenetration Testing (Pentest) for this VulnerabilitySecurity updates on Vulnerabilities in Apache HTTP Server httpOnly Cookie Information LeakDisclosures related to Vulnerabilities in Apache HTTP Server httpOnly Cookie Information LeakConfirming the Presence of...
Vulnerability Management