Categories • Page 5/6
Security research
Here’s where our security researchers analyze and share insights about the latest vulnerabilities, providing details on how they work, or how to exploit them.
How to exploit the DotNetNuke Cookie Deserialization
We looked at around 300 DotNetNuke deployments in the wild and discovered that one in five installations was vulnerable to CVE-2017-9822. That includes governmental and banking websites. As part of this research, we discovered a Remote Code Execution vulnerability exploitable through DNN Cookie Deserialization in one of the U.S. Department Of Defense’s biggest websites. After having responsibly reported it through HackerOne, the DOD solved the high-severity vulnerability and disclosed the report, with all details now publicly available.
- Author(s)
- Published at
- Updated at
How to detect the Microsoft SMBGhost vulnerability with Pentest-Tools.com
For the past couple of weeks, a critical RCE vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3) has kept both the Microsoft users and the security community on their toes. To help our customers better detect if their Windows hosts were affected by the critical SMBGhost vulnerability, we developed and added a new, dedicated scanner on Pentest-Tools.com.
- Author(s)
- Published at
- Updated at
How to detect the SACK Panic vulnerability with Wireshark
The security team at Pentest-Tools.com has recently performed an in-depth analysis of the SACK Panic vulnerability (which was first disclosed in June 2019) to find out its exploitability against Linux machines. Throughout this research, we’ve identified a new method to detect vulnerable servers using Wireshark, the popular network traffic analyzer.
- Author(s)
- Published at
- Updated at
Capital One, CafePress, Suprema data breaches and their root causes
In this article, we discuss some of the most recent data breaches, what are their root causes, and how to better secure your most valuable personal information and other digital assets.
- Author(s)
- Published at
- Updated at
Analysis of recent Exim mail server vulnerabilities
For the past months, multiple critical vulnerabilities were found in Exim mail servers that could allow attackers to gain remote access and perform malicious activities: CVE-2019-16928, CVE-2019-15846, and CVE-2019-10149.
- Author(s)
- Published at
- Updated at
BlueKeep, the Microsoft RDP vulnerability - What we know so far
BlueKeep is a critical security flaw found in Microsoft Remote Desktop Services that was making the headlines for the past two months. In this article, we explore the key facts about this vulnerability.
- Author(s)
- Published at
- Updated at
Analysis of a WordPress Remote Code Execution attack
This article shows our analysis of a known attack (presented in February 2019) against WordPress versions 5.0.0 and lower, awarding an intruder with arbitrary code execution on the webserver. The article covers each exploitation step and HTTP request required for a successful attack.
- Author(s)
- Published at
- Updated at
