Attack Blogs
March 14, 2024 | Attack Blogs, Disclosures
Early in 2023, soon after reproducing a remote code execution vulnerability for the Fortinet FortiNAC, I was on the hunt…

March 11, 2024 | Attack Blogs, Disclosures
NextChat a.k.a ChatGPT-Next-Web, a popular Gen AI ChatBot, is vulnerable to a critical server-side request forgery (SSRF) vulnerability.

March 6, 2024 | Attack Blogs
On February 27, 2024, Progress released a security advisory for OpenEdge, their application development and deployment platform suite. The advisory…

February 21, 2024 | Attack Blogs
On February 19, 2023, ConnectWise published a security advisory for their ScreenConnect remote management tool. In the advisory, they describe…

February 6, 2024 | Attack Blogs
Memory safety issues have plagued the software industry for decades. The Cybersecurity & Infrastructure Security Agency (CISA) has been…

January 29, 2024 | Attack Blogs
CVE-2024-23897: Assessing the Impact of the Jenkins Arbitrary File Leak Vulnerability.

January 23, 2024 | Attack Blogs
On January 22, 2024 Fortra posted a security advisory for their GoAnywhere MFT product. This advisory details an authentication bypass…

January 12, 2024 | Attack Blogs, Disclosures
Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to…

January 12, 2024 | Attack Blogs, Disclosures
Back in Aug. 2023 we released an advisory for CVE-2023-39143, a critical vulnerability that affects Windows installs of the…

October 30, 2023 | Attack Blogs
This post is a follow up to https://horizon3.ai/attack-research/attack-blogs/cisco-ios-xe-cve-2023-20198-theory-crafting/. Previously, we explored the patch for CVE-2023-20273 and CVE-2023-20198 affecting Cisco…