Category: Disclosures

Palo Alto Expedition: From N-Day to Full Compromise

October 9, 2024 | Attack Blogs, Attack Research, Disclosures

On July 10, 2024, Palo Alto released a security advisory for CVE-2024-5910, a vulnerability which allowed attackers to remotely reset the Expedition application admin credentials. While we had never heard of Expedition application before, it’s advertised as: The purpose of this tool is to help reduce the time and efforts of migrating a configuration from a supported vendor to Palo...

CVE-2024-28987: SolarWinds Web Help Desk Hardcoded Credential Vulnerability Deep-Dive

September 25, 2024 | Attack Blogs, Attack Research, Disclosures

On August 13, 2024, SolarWinds released a security advisory for Web Help Desk (WHD) that detailed a deserialization remote code execution vulnerability. This vulnerability, CVE-2024-28986, was added to CISA’s Known Exploited Vulnerability (KEV) catalog two days later on August 15, 2024. The advisory states: SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution...

NTLM Credential Theft in Python Windows Applications

August 23, 2024 | Attack Blogs, Attack Research, Disclosures

This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces platform after a recently reported potential breach.

Traccar 5 Remote Code Execution Vulnerabilities

August 23, 2024 | Attack Blogs, Attack Research, Disclosures

This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces platform after a recently reported potential breach.

Exploiting File Read Vulnerabilities in Gradio to Steal Secrets from Hugging Face Spaces

June 14, 2024 | Attack Blogs, Attack Research, Disclosures

This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces platform after a recently reported potential breach.

CVE-2024-23108: Fortinet FortiSIEM 2nd Order Command Injection Deep-Dive

May 28, 2024 | Attack Blogs, Disclosures

In November of 2023, preparing for a call for papers, I attempted to investigate the FortiSIEM patch for CVE-2023-34992. I kindly inquired with the PSIRT if I could have access to the most recent versions to some of their appliances to validate the patches, to which they declined. Acquiring access a different way, I eventually was able to analyze the...

Security Strategies

Industry Insights

Attack Research

Attack Content

Security Strategies

Industry Insights

Attack Research

Attack Content

Disclosures

Filters

How can NodeZero help you?