Iain Smart- 17 Jan, 2025
Reproducing CVE-2024-9042: Command Injection in Windows Kubernetes Nodes
Recreating a vulnerability in log streaming via the Kubelet on Windows nodes
Read Article
David Cash
Richard Warren- 26 Dec, 2024
Delinea Protocol Handler - Remote Code Execution via Update Process (CVE-2024-12908)
The Delinea Protocol Handler suffers from a Remote Code Execution vulnerability in the sslauncher URL handler. This could be exploited by a malicious …
Read Article-
Richard Warren
-
David Cash
- 26 Nov, 2024
Introducing NachoVPN: One VPN Server to Pwn Them All
Is Your Corporate VPN Client Providing Access to More Than Just Your Employees?
Read Article-
David Cash
-
Richard Warren
- 26 Nov, 2024
Palo Alto GlobalProtect - RCE and Privilege Escalation via Malicious VPN Server (CVE-2024-5921)
Palo Alto GlobalProtect - RCE and Privilege Escalation via Malicious VPN Server (CVE-2024-5921)
Read Article-
David Cash
-
Richard Warren
- 26 Nov, 2024
SonicWall NetExtender for Windows - RCE as SYSTEM via EPC Client Update (CVE-2024-29014)
SonicWall NetExtender for Windows - RCE as SYSTEM via EPC Client Update (CVE-2024-29014)
Read Article-
Richard Warren
- 08 Oct, 2024
Ivanti Connect Secure - Authenticated RCE via OpenSSL CRLF Injection (CVE-2024-37404)
Today, we are releasing the details of CVE-2024-37404, a zero-day vulnerability in the Ivanti Connect Secure product. This vulnerability allows an …
Read Article