Login
Start Free Trial
# Vulnerability Management

Blog

Have you missed them? The new reports feature is here!

May 14, 2023

Recent Posts

By Noa Machter
May 14, 2023

Have you missed them? The new reports feature is here!

our reports are back, and they are better than ever!
By Mohammad Hussam Alzeyyat
Apr 30, 2023

CVE-2021-45456 Apache Kylin RCE Exploit

This video of the exploitation script of the Apache Kylin RCE CVE-2021-45456
By Mohammad Hussam Alzeyyat
Apr 28, 2023

CVE-2021-45456: Apache Kylin Command Injection

In this analysis blog, I'm going to break down the Apache Kyling Command Injection CVE-2021-45456, explaining how it happens, and how to explain it.
By Mohammad Hussam Alzeyyat
Apr 27, 2023

CVE-2022-45875: Apache DolphinScheduler Remote Code Execution PoC

In a previous analysis blog, I explained how the Apache DolphinScheduler CVE-2022-45875 happens. in this, I'm explaining how to get remote access through RCE by exploiting Apache DolphinScheduler CVE-2022-45875 😈
By Mohammad Hussam Alzeyyat
Apr 26, 2023

CVE-2021-45456: Apache Kylin RCE PoC

Command injection in Apache Kylin has been found and registered as CVE-2021-45456, in vsociety we managed to leverage it to RCE and create PoC.
By Mohammad Hussam Alzeyyat
Apr 16, 2023

CVE-2020-17519: Apache Flink Directory Traversal Vulnerability

In this analysis, we are going to break down CVE-2020-17519. Understand how the directory traversal vulnerability happened, how the apache flink software decodes the URL encoding, also understand how it accesses and processes the file, and finally, see the patch diffing, and understand how they patched the vulnerability.
By Noa Machter
Apr 16, 2023

TOPIA's new CVE Trend Screen is out!

Viewing your protection journey with TOPIA has never been easier!
By Mohammad Hussam Alzeyyat
Apr 14, 2023

CVE-2022-45875: Apache DolphinScheduler vulnerable to Improper Input Validation leads to RCE

In this analysis, we are going to break down CVE-2022-45875. Understand how the command injection happened, see the patch diffing, understand how they patched, and finally give it a try to bypass the patch 😬
By Mohammad Hussam Alzeyyat
Mar 24, 2023

CVE-2023–23752: Joomla Unauthorized Access Vulnerability

In this blog, we are going to analyze the information disclosure in Joomla that allows an attacker to exploit it to gain unauthorized access. we will dive deep inside the flow of Joomla, how it works, and how the vulnerability happened.
By Mudassar Zafar
Mar 22, 2023

Apache Zero Days - Apache Spark Command Injection Vulnerability (CVE-2022-33891)

The Apache Spark command injection vulnerability (CVE-2022-33891) was discovered by the Sangfor FarSight Labs team and reported to the Apache Spark project team on July 18, 2022. The vulnerability was classified as high severity, with a CVSS (Common Vulnerability Scaling System) Base Score of 8.8, indicating a high potential impact.
By j00sean (https://twitter.com/j00sean)
Mar 01, 2023

CVE-2022-44666: Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape vulnerability

My thoughts and more on this bug!
By Youssef Muhammad
Mar 01, 2023

KeePass Passwords Theft CVE-2023-240550

Analysis in-details for CVE-2023-240550-KeePass Passwords Theft and how to exfiltrate the data
By Mohammad Hussam Alzeyyat
Feb 28, 2023

CVE-2022–44267: Denial Of Service in ImageMagick

In this blog, we are going to take a ride check on the DoS that has been found in ImageMagick CVE-2022-44267. We will not be diving too much into the details, but make no mistake we will be having fun :D.
By Mohammad Hussam Alzeyyat
Feb 26, 2023

CVE-2022–44268: Arbitrary Remote Leak in ImageMagick

In this blog, I want to dive deep as much as I can to understand the execution details and how the vulnerability is achieved. This is CVE-2022-4426 a very interesting vulnerability where it leads to LFI and also it can be used for privilege escalation.
By Noa Machter
Feb 26, 2023

You can now filter by your agent version!

New Assets filter!