Welcome to Nettitude Labs - LRQA Nettitude Labs

CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM

The Cisco C195 is a Cisco Email Security Appliance device. Its role is to act as an SMTP gateway on your network perimeter. This device (and the full range of appliance devices) is heavily locked [...]

By Aaron Thacker|April 18, 2024|

Introducing the MLCommons AI Safety v0.5 Proof of Concept

Artificial Intelligence (AI) has been making significant strides in recent years, with advancements in machine learning and deep learning techniques. However, as AI systems become more complex and powerful, ensuring their safety becomes increasingly critical. [...]

By Dave Parsons|April 18, 2024|

Flaw in PuTTY P-521 ECDSA signature generation leaks SSH private keys

This article provides a technical analysis of CVE-2024-31497, a vulnerability in PuTTY discovered by Fabian Bäumer and Marcus Brinkmann of the Ruhr University Bochum. PuTTY, a popular Windows SSH client, contains a flaw in its [...]

By Graham Sutherland|April 16, 2024|

Introducing SharpConflux

Today, we are releasing a new tool called SharpConflux, a .NET application built to facilitate Confluence exploration. It allows Red Team operators to easily investigate Confluence instances with the goal of finding credential material and [...]

By Jose Garcia|March 27, 2024|

CVE-2024-25153: Remote Code Execution in Fortra FileCatalyst

CVE-2024-25153, a critical Unsafe File Upload and Directory Traversal vulnerability in Fortra FileCatalyst, allows a remote unauthenticated attacker to gain Remote Code Execution (RCE) on the web server. This affects Fortra FileCatalyst Workflow 5.x, before [...]

By Tom Wedgbury|March 13, 2024|