CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM
The Cisco C195 is a Cisco Email Security Appliance device. Its role is to act as an SMTP gateway on your network perimeter. This device (and the full range of appliance devices) is [...]
This article provides a technical analysis of CVE-2024-31497, a vulnerability in PuTTY discovered by Fabian Bäumer and Marcus Brinkmann of the Ruhr University Bochum. PuTTY, a popular Windows SSH client, contains a flaw [...]
Security cameras are an important tool for protecting homes and businesses. While they provide valuable assurance for physical assets, they also often expose interfaces that allow users to manage the device over the [...]
Download PwnlyOffice. GitHub: https://github.com/nettitude/pwnlyoffice Background: About 18 months ago, I was conducting a pentest of a document management platform. It was designed with the goal of providing a secure document storage and sharing [...]
During the course of our work, Nettitude have identified a stored Cross-Site Scripting (XSS) vulnerability within the CrushFTP web interface. CrushFTP is a file transfer server which supports multiple file transfer protocols, and [...]
Nettitude identified two stored Cross Site Scripting (XSS) vulnerabilities within Vanderbilt REDCap. These have been assigned CVE-2022-24004 & CVE-2022-24127. REDCap is a web application which allows the creation and management of online surveys [...]
Following yesterday's Microsoft VPN vulnerability, today we're presenting CVE-2022-23270, which is another Windows VPN Use after Free (UaF) vulnerability that was discovered through reverse engineering and fuzzing the raspptp.sys kernel driver. This presents [...]
Programming frameworks have gained popularity due to their ability to make software development easier than using the underlying language alone. However, when developers don’t fully understand how framework functionality can be abused by [...]
Nettitude have identified a Cross Site Scripting (XSS) vulnerability within Event Espresso Core. Event Espresso is a WordPress plugin which provides online event registration and ticket management. Versions 4.10.6.p and below allow remote [...]
During the course of our work, we discovered an open redirect vulnerability in Episerver Find. This has been assigned CVE-2020-24550. The Episerver platform includes content management, e-commerce functionality, marketing automation, and search and [...]