Palo Alto Networks PAN-OS: Authentication Bypass in SAML Authentication Vulnerability (PAN-148988)

Summary: A critical advisory was released by Palo Alto Networks for PAN-OS. PAN-OS is the software that runs all Palo Alto Networks next-generation firewalls.
Advisory Link: https://security.paloaltonetworks.com/CVE-2020-2021
Description: An authentication bypass vulnerability was found in SAML (Security Assertion Markup Language) authentication. An unauthenticated network-based attacker can access protected resources due to improper verification of signatures in PAN-OS SAML authentication.
SAML Workflow: SAML …

PhpFileManager 0.9.8 Remote Command Execution Vulnerability (CVE-2015-5958)

Summary: phpFileManager version 0.9.8 suffers from an RCE vulnerability that can be executed via cross-site request forgery.
Product: phpFileManager version 0.9.8
Vulnerability Type: Remote Command Execution
CVE Reference: CVE-2015-5958
Description: PHPFileManager is vulnerable to remote command execution and will execute operating system commands via GET requests from a victim's browser. Once the call to the operating systems …

Microsoft Visual Studio 2008 Express IDE XML Injection Vulnerability (Zero Day)

Summary: Recently, a security researcher disclosed an XML External Entity Injection zero day in Microsoft Visual Studio 2008 Express IDE. It can allow remote attackers to grab files from the victim's computer, sending them to the remote attacker's server.
Affected Product: Visual Studio 2008 Express IDE
Security Issue: Visual Studio 2008 IDE vulnerable to XML External Entity …