Posts by Ron Bowes

8 min read | Vulnerability Disclosure

Multiple Vulnerabilities in South River Technologies Titan MFT and Titan SFTP [FIXED]

As part of our continuing research project into managed file transfer risk, including JSCAPE MFT and Fortra Globalscape EFT Server, Rapid7 discovered several vulnerabilities in South River Technologies’ Titan MFT and Titan SFTP servers.

4 min read | Vulnerability Disclosure

CVE-2023-4528: Java Deserialization Vulnerability in JSCAPE MFT (Fixed)

In August 2023, Rapid7 discovered CVE-2023-4528, a Java deserialization vulnerability in Redwood Software’s JSCAPE MFT secure managed file transfer product. Successful exploitation can run arbitrary Java code as the `root` user on Linux or the `SYSTEM` user on Windows.

3 min read | Emergency Threat Response

Exploitation of Juniper Networks SRX Series and EX Series Devices

On August 17, 2023, Juniper Networks published an out-of-band advisory on four different CVEs affecting Junos OS on SRX and EX Series devices. Successful exploitation would likely enable attackers to pivot to organizations’ internal networks.

22 min read | Vulnerability Disclosure

Multiple Vulnerabilities in Fortra Globalscape EFT Administration Server [FIXED]

Rapid7 has uncovered four issues in Fortra Globalscape EFT, the worst of which can lead to remote code execution.

33 min read | Vulnerability Disclosure

Multiple Vulnerabilities in Rocket Software UniRPC server (Fixed)

In early 2023, Rapid7 discovered several vulnerabilities in Rocket Software UniData UniRPC. We worked with the company to fix the issues and coordinate this disclosure.

5 min read | Vulnerability Disclosure

CVE-2023-22374: F5 BIG-IP Format String Vulnerability

Rapid7 found an additional vulnerability in the appliance-mode REST interface. We reported it to F5 and are now disclosing it in accordance with our vulnerability disclosure policy.

12 min read | Vulnerability Disclosure

CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures

Rapid7 discovered several vulnerabilities and exposures in specific F5 BIG-IP and BIG-IQ devices in August 2022. Since then, members of our research team have worked with the vendor to discuss impact, resolution, and a coordinated response.

8 min read | Vulnerability Disclosure

FLEXlm and Citrix ADM Denial of Service Vulnerability

Note: Updated October 20, 2022 to clarify that this bypasses CVE-2022-27512 and not CVE-2022-27511, which has a different root cause. On June 27, 2022, Citrix released an advisory [http://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512] for CVE-2022-27511 [http://nvd.nist.gov/vuln/detail/CVE-2022-27511] and CVE-2022-27512 [http://nvd.nist.gov/vuln/detail/CVE-2022-27512], which affect Citrix ADM (Application Del

3 min read | Emergency Threat Response

Exploitation of Unpatched Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite (CVE-2022-41352)

CVE-2022-41352 is an unpatched remote code execution vulnerability in Zimbra Collaboration Suite discovered in the wild due to active exploitation.

2 min read | Emergency Threat Response

CVE-2022-36804: Easily Exploitable Vulnerability in Atlassian Bitbucket Server and Data Center

On August 24, 2022, Atlassian published an advisory for Bitbucket Server and Data Center alerting users to CVE-2022-36804.

2 min read | Emergency Threat Response

Active Exploitation of F5 BIG-IP iControl REST CVE-2022-1388

On May 4, 2022, F5 released an advisory on CVE-2022-1388, a critical authentication bypass that leads to remote code execution in iControl REST.