AmberWolf Research
  • Home
  • Blog
  • Disclosure Policy
  • Main Site
to navigate to select ESC to close
  • Iain Smart Iain Smart
  • 17 Jan, 2025
    • Vulnerability
    • Kubernetes

Reproducing CVE-2024-9042: Command Injection in Windows Kubernetes Nodes

Recreating a vulnerability in log streaming via the Kubelet on Windows nodes

Read Article
  • David Cash David Cash
  • Richard Warren Richard Warren
  • 26 Dec, 2024
    • Vulnerability
    • Disclosure
    • PAM

Delinea Protocol Handler - Remote Code Execution via Update Process (CVE-2024-12908)

The Delinea Protocol Handler suffers from a Remote Code Execution vulnerability in the sslauncher URL handler. This could be exploited by a malicious …

Read Article
  • Richard Warren Richard Warren
  • David Cash David Cash
  • 26 Nov, 2024
    • Vulnerability
    • Disclosure

Introducing NachoVPN: One VPN Server to Pwn Them All

Is Your Corporate VPN Client Providing Access to More Than Just Your Employees?

Read Article
  • David Cash David Cash
  • Richard Warren Richard Warren
  • 26 Nov, 2024
    • Vulnerability Disclosure

Palo Alto GlobalProtect - RCE and Privilege Escalation via Malicious VPN Server (CVE-2024-5921)

Palo Alto GlobalProtect - RCE and Privilege Escalation via Malicious VPN Server (CVE-2024-5921)

Read Article
  • David Cash David Cash
  • Richard Warren Richard Warren
  • 26 Nov, 2024
    • Vulnerability Disclosure

SonicWall NetExtender for Windows - RCE as SYSTEM via EPC Client Update (CVE-2024-29014)

SonicWall NetExtender for Windows - RCE as SYSTEM via EPC Client Update (CVE-2024-29014)

Read Article
  • Richard Warren Richard Warren
  • 08 Oct, 2024
    • Vulnerability
    • Disclosure

Ivanti Connect Secure - Authenticated RCE via OpenSSL CRLF Injection (CVE-2024-37404)

Today, we are releasing the details of CVE-2024-37404, a zero-day vulnerability in the Ivanti Connect Secure product. This vulnerability allows an …

Read Article
  • 1
  • 2
  • 3
  • Main Site
  • Privacy

Copyright AmberWolf 2024