Tags
CVE
How to attack F5 BIG-IP using CVE-2020-5902 (TMUI RCE)
Let’s tackle a vulnerability that broke out not only in BIG-IP firewalls but also on social media! When a major issue affecting a security product emerges, it immediately makes the headlines, the paradox of the situation impossible to ignore.
- Published at
- Updated at
How to chain SMBleed and SMBGhost to get RCE in Windows 10
Think like an attacker, act like a defender. That’s the pentesters’ mantra, if you ask me. That’s why today we’re diving into one of the most interesting tactics that malicious actors use: vulnerability chaining.
- Published at
- Updated at
How to exploit the DotNetNuke Cookie Deserialization
We looked at around 300 DotNetNuke deployments in the wild and discovered that one in five installations was vulnerable to CVE-2017-9822. That includes governmental and banking websites. As part of this research, we discovered a Remote Code Execution vulnerability exploitable through DNN Cookie Deserialization in one of the U.S. Department Of Defense’s biggest websites. After having responsibly reported it through HackerOne, the DOD solved the high-severity vulnerability and disclosed the report, with all details now publicly available.
- Published at
- Updated at
How to detect the Microsoft SMBGhost vulnerability with Pentest-Tools.com
For the past couple of weeks, a critical RCE vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3) has kept both the Microsoft users and the security community on their toes. To help our customers better detect if their Windows hosts were affected by the critical SMBGhost vulnerability, we developed and added a new, dedicated scanner on Pentest-Tools.com.
- Published at
- Updated at
[New scanners] Detect SMBGhost and Ghostcat vulnerabilities with Pentest-Tools.com
Vulnerability scanners are essential pentesting tools to quickly discover critical security flaws before hackers do. The more specific, the more useful! To help our customers better detect if their systems are impacted by the SMBGhost and GhostCat vulnerabilities, we built and added two new, dedicated scanners on Pentest-Tools.com.
- Published at
- Updated at
New tool for detecting the critical Citrix RCE vulnerability (CVE-2019-19781)
To help our customers assess the security of their Citrix ADC and Citrix Gateway devices, we have added a new tool on Pentest-Tools.com to detect the recent RCE vulnerability (CVE-2019-19781).
- Published at
- Updated at
How to detect the SACK Panic vulnerability with Wireshark
The security team at Pentest-Tools.com has recently performed an in-depth analysis of the SACK Panic vulnerability (which was first disclosed in June 2019) to find out its exploitability against Linux machines. Throughout this research, we’ve identified a new method to detect vulnerable servers using Wireshark, the popular network traffic analyzer.
- Published at
- Updated at