Uncategorized – Qualys ThreatPROTECT

CISA Added Cisco, Hitachi, Microsoft, and Progress WhatsUp Vulnerabilities to its Known Exploited Vulnerabilities catalog

Posted by Diksha Ojha on March 4, 2025March 5, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns about the active exploitation of five vulnerabilities impacting software from Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold. CISA added the vulnerabilities to its Known Exploited Vulnerabilities Catalog, urging users to patch the flaw before March 24, 2025.

Veeam Service Provider Console Multiple Security Vulnerabilities (CVE-2024-42448 & CVE-2024-42449)

Posted by Diksha Ojha on December 4, 2024January 2, 2025

Veeam Service Provider Console is vulnerable to two security flaws tracked as CVE-2024-42448 and CVE-2024-42449. Both vulnerabilities were discovered during the internal testing at Veeam. Successful exploitation of the vulnerabilities may allow an attacker to execute arbitrary code or leak the NTLM hash of the VSPC server service account and delete files on the VSPC … Continue reading “Veeam Service Provider Console Multiple Security Vulnerabilities (CVE-2024-42448 & CVE-2024-42449)”

Pulse Connect Secure Remote Code Execution via Uncontrolled Gzip Extraction (CVE-2020-8260)

Posted by Vivek Chanchal on October 28, 2020October 28, 2020

On Oct 26th, 2020, Pulse issued a security advisory addressing multiple vulnerabilities of high severity in Pulse appliances. Among the multiple vulnerabilities, CVE-2020-8260 was identified as a Remote Code Execution vulnerability via Uncontrolled Gzip Extraction with a CVSSv3 base score of 7.2. Vulnerability Details: Security researchers Richard Warren and David Cash of NCC Group Research … Continue reading “Pulse Connect Secure Remote Code Execution via Uncontrolled Gzip Extraction (CVE-2020-8260)”

HP Device Manager Multiple Vulnerabilities (CVE-2020-6925, CVE-2020-6926, CVE-2020-6927)

Posted by Pallavi Pangavhane on October 14, 2020

Overview On 25 September 2020, HP released an advisory to address multiple vulnerabilities (CVE-2020-6925, CVE-2020-6926, and CVE-2020-6927) in the HP Device Manager. Successful exploitation of these vulnerabilities could lead to dictionary attacks, unauthorized remote access to resources, and elevation of privilege. Description CVE-2020-6925 – This vulnerability exists due to weak cipher implementation in HP Device Manager. It may allow dictionary attacks against locally managed accounts in … Continue reading “HP Device Manager Multiple Vulnerabilities (CVE-2020-6925, CVE-2020-6926, CVE-2020-6927)”

PRTG Network Monitor Information-Disclosure Vulnerability

Posted by Qualys on April 10, 2020June 6, 2020

Today We will exploit a simple but Important Vulnerability in PRTG Network Monitor. It is the most commonly used software for the monitor and classify system conditions like bandwidth usage or uptime and collect statistics from miscellaneous hosts as switches, routers, servers and other devices and applications. PRTG released a Patch fixing a vulnerability that … Continue reading “PRTG Network Monitor Information-Disclosure Vulnerability”

SolarWinds Firewall Security Manager userlogin.jsp Remote Code Execution Vulnerability (CVE-2015-2284)

Posted by Arun Modi on January 30, 2020March 12, 2020

Summary: Solar Winds Firewall Security Manager was observed to be vulnerable, recently. While following up on this we stumbled upon a public exploit for CVE-2015-2284, userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code. Description: The vulnerability is a source code disclosure related to the underlying Java application … Continue reading “SolarWinds Firewall Security Manager userlogin.jsp Remote Code Execution Vulnerability (CVE-2015-2284)”

Google Chrome Exploit in wild

Posted by Qualys on November 4, 2019June 6, 2020

Trick or Treat! Treat it is xD Rather than live in dread of Trick, Google chrome decided to treat its user with the Latest Chrome Update on Halloween Eve. But this twitchiness is not because of ghosts or goblins, the thought of Security breach gave Google the cold sweat. What you need to know On … Continue reading “Google Chrome Exploit in wild”

Nginx + PHP 7 Remote Code Execution Vulnerability

Posted by Bharat Jogi on October 27, 2019October 27, 2019

On October 24th2019, PHP released updates to address a remote code execution vulnerability. The vulnerability allows an attacker to run arbitrary commands on a vulnerable server by a specially crafted URL. This issue is tracked with CVE-2019-11043. Vulnerability Analysis: The vulnerability resides in the “env_path_info” underflow in PHP-FPM . It contains pointer arithmetics that assumes that … Continue reading “Nginx + PHP 7 Remote Code Execution Vulnerability”

Cisco ASA Shadow Brokers Exploit – CVE-2016-6366

Posted by Qualys on August 23, 2016August 24, 2016

Cisco recently released an advisory for Cisco ASA (Adaptive Security Appliance) SNMP Remote Code Execution Vulnerability. (cisco-sa-20160817-asa-snmp) The vulnerability allows the attacker to obtain full control of the system when crafted SNMP packets are sent to the affected system using SNMP community string. All supported versions of SNMP (v1, v2c, and 3) are affected by … Continue reading “Cisco ASA Shadow Brokers Exploit – CVE-2016-6366”

KAIXIN Exploit Kit Update

Posted by Ses Wang on July 11, 2016July 12, 2016

KaiXin exploit kit (EK) was first identified in August 2012 by Kahu Security. We believe this exploit kit is written by a Chinese hacker. The word KaiXin means “Happy” In Chinese. Here is the latest research for this exploit kit. Targeted Operating System: The KaiXin exploit kit is actively targeting Windows XP, Windows Vista, … Continue reading “KAIXIN Exploit Kit Update”