On July 29th, 2020, Pulse issued a security advisory addressing multiple vulnerabilities in Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) with severity marked as High. Among the multiple vulnerabilities, CVE-2020-8218 was identified as a Code Injection vulnerability with a CVSSv3 base score 7.2. Vulnerability Details: PPS is a standards-based and scalable NAC solution … Continue reading “Pulse Connect Secure And Policy Secure Code Injection Vulnerability (CVE-2020-8218)”
Tag: Code Injection
Citrix ADC And Citrix Gateway Multiple Security Vulnerabilities (CTX276688)
Citrix issued a new security advisory CTX276688 on 7th July,2020 addressing multiple security vulnerabilities in Citrix networking products like Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP. Description: Citrix identified several vulnerabilities in products like Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP. Approximately 11 vulnerabilities of type including Code Injection, Privilege Escalation, Authorization Bypass, … Continue reading “Citrix ADC And Citrix Gateway Multiple Security Vulnerabilities (CTX276688)”
.NET Zero-Day Exploited to Spread FINSPY:CVE-2017-8759
A Zero-day vulnerability in the .NET framework is being actively exploited in the wild. The vulnerability has been assigned CVE-2017-8759. Exploiting this vulnerability results in the remote code execution on the target machine. The attack was disclosed by FireEye. The vulnerability is being used to distribute FINSPY malware. The affected .NET versions are listed below … Continue reading “.NET Zero-Day Exploited to Spread FINSPY:CVE-2017-8759”