8 min
Vulnerability Disclosure
Multiple Vulnerabilities in South River Technologies Titan MFT and Titan SFTP [FIXED]
As part of our continuing research project into managed file transfer risk, including JSCAPE MFT and Fortra Globalscape EFT Server, Rapid7 discovered several vulnerabilities in South River Technologies’ Titan MFT and Titan SFTP servers.
4 min
Vulnerability Disclosure
CVE-2023-4528: Java Deserialization Vulnerability in JSCAPE MFT (Fixed)
In August 2023, Rapid7 discovered CVE-2023-4528, a Java deserialization vulnerability in Redwood Software’s JSCAPE MFT secure managed file transfer product. Successful exploitation can run arbitrary Java code as the `root` user on Linux or the `SYSTEM` user on Windows.
3 min
Emergent Threat Response
Exploitation of Juniper Networks SRX Series and EX Series Devices
On August 17, 2023, Juniper Networks published an out-of-band advisory on four different CVEs affecting Junos OS on SRX and EX Series devices. Successful exploitation would likely enable attackers to pivot to organizations’ internal networks.
22 min
Vulnerability Disclosure
Multiple Vulnerabilities in Fortra Globalscape EFT Administration Server [FIXED]
Rapid7 has uncovered four issues in Fortra Globalscape EFT, the worst of which can lead to remote code execution.
33 min
Vulnerability Disclosure
Multiple Vulnerabilities in Rocket Software UniRPC server (Fixed)
In early 2023, Rapid7 discovered several vulnerabilities in Rocket Software UniData UniRPC. We worked with the company to fix issues and coordinate this disclosure.
5 min
Vulnerability Disclosure
CVE-2023-22374: F5 BIG-IP Format String Vulnerability
Rapid7 found an additional vulnerability in the appliance-mode REST interface. We reported it to F5 and are now disclosing it in accordance with our vulnerability disclosure policy.
12 min
Vulnerability Disclosure
CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures
Rapid7 discovered several vulnerabilities and exposures in specific F5 BIG-IP and BIG-IQ devices in August 2022. Since then, members of our research team have worked with the vendor to discuss impact, resolution, and a coordinated response.
8 min
Vulnerability Disclosure
FLEXlm and Citrix ADM Denial of Service Vulnerability
Note: Updated October 20, 2022 to clarify that this bypasses CVE-2022-27512 and
not CVE-2022-27511, which has a different root cause.
On June 27, 2022, Citrix released an advisory
[http://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512]
for CVE-2022-27511 [http://nvd.nist.gov/vuln/detail/CVE-2022-27511] and
CVE-2022-27512 [http://nvd.nist.gov/vuln/detail/CVE-2022-27512], which affect
Citrix ADM (Application Del
3 min
Emergent Threat Response
Exploitation of Unpatched Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite (CVE-2022-41352)
CVE-2022-41352 is an unpatched remote code execution vulnerability in Zimbra Collaboration Suite discovered in the wild due to active exploitation.
2 min
Emergent Threat Response
CVE-2022-36804: Easily Exploitable Vulnerability in Atlassian Bitbucket Server and Data Center
On August 24, 2022, Atlassian published an advisory for Bitbucket Server and Data Center alerting users to CVE-2022-36804.
2 min
Emergent Threat Response
Active Exploitation of F5 BIG-IP iControl REST CVE-2022-1388
On May 4, 2022, F5 released an advisory on CVE-2022-1388, a critical authentication bypass that leads to remote code execution in iControl REST.