Horizon3 Attack Team
@Horizon3Attack
@Horizon3ai Attack Team | Security Research | Exploit Dev | TTPs
Joined December 2021
We disclosed a few vulns last week affecting SimpleHelp's remote support software:
♦️ CVE-2024-57726: Priv esc to admin
♦️ CVE-2024-57727: Unauth arbitrary file download
♦️ CVE-2024-57728: Admin RCE via arbitrary file upload
Together these vulns could enable an attacker with no prior privileges to compromise a SimpleHelp server and client machines managed by SimpleHelp. Our blog with a detection POC:
Our latest post detailing compromising the #PaloAlto #Expedition. While investigating CVE-2024-5910, we discovered and reported 3 additional vulnerabilities allowing an attacker to obtain RCE and leak integration credentials across the ecosystem.
Today, we are disclosing the details of CVE-2024-28987, a hardcoded cred vuln affecting #SolarWinds Web Help Desk. It allows attackers to read all help desk tickets, often containing sensitive IT procedures:
🔹 User onboarding
🔹 Password resets
🔹 Shared resource creds
CVE-2024-29847, affecting #Ivanti EPM, allows remote unauthenticated attackers to execute arbitrary commands as SYSTEM. Check out our latest deep-dive: Credit to @SinSinology for the initial discovery.
Additionally, we disclosed a critical path traversal vulnerability, CVE-2024-31214, affecting the popular #Traccar GPS tracking application, which could lead to unauthenticated remote code execution in the default configuration of Traccar 5.
In light of a recent potential breach affecting #HuggingFace, here are a few vulnerabilities we disclosed that affected #Gradio and our recent work with Hugging Face to secure their Spaces environment:
🔺 CVE-2023-51449
🔺 CVE-2023-1561
Our deep-dive for the recent #Ivanti Endpoint Manager (EPM) unauth SQL injection to RCE vulnerability: CVE-2024-29824.
Our latest post by one of our recent team additions, Luke Harding, revisits CVE-2023-48788 - a SQL injection for #Fortinet #FortiClient EMS. He details exploitation obstacles and payload crafting between the two mainline versions of the software.
Back again - more cmd injections for the #Fortinet #FortiSIEM! Today we’re disclosing the details surrounding CVE-2024-23108 and CVE-2024-23109. These result from the use of Python’s os.system() in scripts whose arguments an unauth attacker controls.
Our deep-dive, IOCs, and exploit for CVE-2023-34992, an unauth command injection as root, affecting #Fortinet #FortiSIEM appliances.
Our deep-dive for the recent #Fortinet #FortiClient EMS SQL injection vulnerability, CVE-2023-48788, that leads to RCE as SYSTEM.
The recent #Fortinet #FortiClient Endpoint Management Server (EMS) SQL injection vulnerability, CVE-2023-48788, allows an unauth attacker to obtain RCE as SYSTEM on the server. IOCs, POC, and deep-dive blog to be released next week. In the meantime, check DAS service logs for malicious-looking queries.