Webmin Critical Security vulnerabilities (CVE-2021-31760, CVE-2021-31761, CVE-2021-31762)

Webmin is a web-based system administration tool for Unix-like servers and services, with over 1,000,000 installations worldwide. Using Webmin, you can configure operating system internals, such as users, disk quotas, services, or configuration files, as well as modify and control open-source apps, such as BIND DNS Server, Apache HTTP Server, PHP, MySQL, and many more. …

Apache OFBiz Remote Code Execution Vulnerability (CVE-2020-9496)

Overview: On 19 May 2020, Apache published an advisory to address an insecure deserialization vulnerability in Apache OFBiz. The vulnerability occurs due to Java serialization issues while processing requests sent to the “/webtools/control/xmlrpc” URL. This vulnerability may lead to a variety of attacks, such as stealing user/admin credentials. This issue can be escalated into a Remote …

Linear eMerge E3 Multiple Security Vulnerabilities

Nortek has announced critical vulnerabilities in the Linear eMerge E3-Series. The vulnerabilities exist because the affected product fails to sanitize HTTP request parameter values, which can be used to construct shell commands. This allows an attacker to execute arbitrary commands on the affected system as root. The following CVE IDs have been assigned to …

Qualys Discloses Multiple Vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway

Qualys Security Research Team has disclosed multiple vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway. Citrix has addressed these vulnerabilities in CTX232161. The affected versions and CVEs are listed below. CVE(s) Description Product Affected Version : Build CVE-2018-6810 Directory Traversal Vulnerability Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway < 12.0 : 57.19 < 11.1 : …

Zoho ManageEngine OpManager 12.0 Multiple Vulnerabilities

Abstract: While doing our daily research for ThreatPROTECT, I came across ManageEngine, Zoho Corporation’s OpManager product. It is network monitoring software that helps administrators discover, map, monitor and manage complete IT infrastructure, thereby providing all the visibility and control that you need over your network. So we decided to use it for our internal …