Apache ActiveMQ Jolokia Remote Code Execution Vulnerability (CVE-2022-41678) Notification

Overview Recently, NSFOCUS CERT found a remote code execution vulnerability in Apache ActiveMQ Jolokia (CVE-2022-41678). In the configuration of ActiveMQ, jetty allows org.holokia.http.AgentServlet to process requests for/api/Jolokia. An authenticated attacker can send ...

BIG-IP Vulnerability Alert: Remote Code Execution Risk

In recent news, F5 has issued a critical security alert regarding a significant BIG-IP vulnerability that poses a severe risk to their BIG-IP systems. This vulnerability, rated at 9.8 out of 10 ...
Every Rose Has Its Thorn SFTP Gateway

Every Rose Has Its Thorn SFTP Gateway

Overview In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations.  The recent ...

Technical Advisory: F5 BIG-IP Unauthenticated RCE Vulnerability, CVE-2023-46747

Overview In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations. Recently, we ...
Technical Advisory: Vulnerabilities Identified within ListServ

Technical Advisory: Vulnerabilities Identified within ListServ

Overview In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations. Our ultimate ...

Workstations At Risk: Unveiling the RCE Bug

Recently, the world was made aware of a major vulnerability lurking within Windows Themes, tagged as CVE-2023-38146. This vulnerability, called ‘ThemeBleed,’ has a high severity rating of 8.8 and has sparked worry ...
DoubleQlik: Bypassing the Fix for CVE-2023-41265 to Achieve Unauthenticated Remote Code Execution

DoubleQlik: Bypassing the Fix for CVE-2023-41265 to Achieve Unauthenticated Remote Code Execution

Overview On August 29th, 2023, Qlik issued a patch for two vulnerabilities we identified in Qlik Sense Enterprise, CVE-2023-41265 and CVE-2023-41266. These vulnerabilities allowed for unauthenticated remote code execution via path traversal ...

Advisory: Qlik Original Fix for CVE 2023-41265 Vulnerable to RCE

Overview On August 29th, 2023 Qlik issued a patch for two vulnerabilities we identified in Qlik Sense Enterprise, CVE-2023-41265 and CVE-2023-41266. These vulnerabilities allowed for unauthenticated remote code execution via path traversal ...
What You Need to Know About the Apache Commons Text Flaw (CVE-2022-42889)

What You Need to Know About the Apache Commons Text Flaw (CVE-2022-42889)

Vulnerability researchers and media sources are paying a lot of attention to CVE-2022-42889, a vulnerability affecting the open source library Apache Commons Text, which could potentially allow a malicious actor to execute ...