Date archives: October 26, 2022

Advisory: Multiple Vulnerabilities in Progress Ipswitch WhatsUp Gold

Summary: The following vulnerabilities were discovered in Progress Ipswitch WhatsUp Gold:

- CVE-2022-29845: Local File Disclosure
- CVE-2022-29846: WhatsUp Gold Serial Number Disclosure
- CVE-2022-29847: Unauthenticated Server-Side Request Forgery (SSRF)
- CVE-2022-29848: Authenticated Server-Side Request Forgery (SSRF)

The advisory from Progress can be found here. Impact: When combined, these vulnerabilities lead to a critical...

Cloudflare Pages, part 2: The two privescs

Following on from our 1st story, we’ll be continuing the epic tale of our research into Cloudflare Pages in this second installment. If you haven’t read part 1, you can read it here. We pick up where we left off, after harvesting...

Hacking a Bank by Finding a 0day in DotCMS

The advisory for this issue can be found here. The CVE for this issue is CVE-2022-26352. The advisory from dotCMS can be found here. This security research was performed by Hussein Daher...