Syndicated Blog

Blog

Gotham Digital Science (GDS) is an international security services company specializing in Application and Network Infrastructure security, and Information Security Risk Management. GDS clients number among the largest financial services institutions and
RCE Using Caller ID – Multiple Vulnerabilities in FusionPBX

Aon’s Cyber Solutions has recently discovered several vulnerabilities in FusionPBX, an open-source VoIP PBX application that runs on top of the FreeSWITCH VoIP switch. These vulnerabilities allow for novel exploitation vectors, including ...

SSRF and XXE Vulnerabilities in PDFreactor

Aon’s Cyber Solutions recently discovered two vulnerabilities in RealObjects PDFreactor prior to version 10.1.10722 in the default configuration. The identified vulnerabilities allow attackers to perform Server-Side Request Forgery (SSRF) and XML External ...

Unauthenticated Remote Code Execution in Kentico CMS

Aon’s Cyber Solutions Security Testing team recently discovered a vulnerability, CVE-2019-10068, in the Kentico CMS platform versions 12.0.14 and earlier. This issue allows for unauthenticated remote code execution through a deserialization vulnerability ...

Remote Code Execution in BlogEngine.NET

Aon’s Cyber Solutions Security Testing team recently discovered a vulnerability, CVE-2019-6714, in the BlogEngine.NET blogging software platform affecting versions 3.3.6.0 and earlier. This issue allows for remote code execution through a path ...

CUPS Local Privilege Escalation and Sandbox Escapes

Gotham Digital Science has discovered multiple vulnerabilities in Apple’s CUPS print system affecting macOS 10.13.4 and earlier and multiple Linux distributions. All information in this post has been shared with Apple and ...

Breaking Randomness in the Ethereum Universe [part 1]

It is widely acknowledged that generating secure random numbers on the Ethereum blockchain is difficult due to its deterministic nature. Each time a smart contract’s function is called inside of a transaction, ...