Zoho ManageEngine PAM360, Access Manager Plus, and Password Manager Pro Remote Code Execution Vulnerability (CVE-2022-35405)

Zoho has released patches for a critical remote code execution vulnerability in its ManageEngine PAM360, Password Manager Pro, and Access Manager Plus. CISA also added the vulnerability (CVE-2022-35405) to its Known Exploited Vulnerabilities (KEV) Catalog.    The advisory strongly recommends users update to the latest versions of PAM360, Access Manager Plus, and Password Manager Pro … Continue reading “Zoho ManageEngine PAM360, Access Manager Plus, and Password Manager Pro Remote Code Execution Vulnerability (CVE-2022-35405)”

CVE-2016-7255 Vulnerability Analysis and Patch Diff

On November’s Patch Tuesday, Microsoft patched an elevation of privilege vulnerability (CVE-2016-7255) in MS16-135. It was reported that this vulnerability is being actively exploited by Pawn Storm, APT28, Fancy Bear. This blog is about what is this vulnerability and how does Microsoft fix it.   Window, Child Window and CVE-2016-7255 Window plays an important part in Microsoft’s … Continue reading “CVE-2016-7255 Vulnerability Analysis and Patch Diff”