Horizon3.ai

Attack Research

POC CVE-2021-21972

Write the file supplied in the --file argument to the location specified in the --path argument. The file will be written in the context of the vsphere-ui user. If the target is vulnerable, but the exploit fails, it is likely that the vsphere-ui user does not have permissions to write to the specified path.

Unauthenticated XSS to Remote Code Execution Chain in Mautic < 3.2.4

Mautic is widely used open source software for marketing automation. While researching the application and its source code on GitHub, we discovered an attack chain whereby an unauthenticated attacker could gain remote code execution privileges on the server hosting Mautic by abusing a stored XSS vulnerability. The issues raised in this post, CVE-2020-35124 and CVE-2020-35125, have been fixed in Mautic...

CVE-2020-29437: Authenticated SQL Injection in OrangeHRM < 4.6.0.1

OrangeHRM is software for Human Resource Management (HRM). In a routine audit of the open source version of OrangeHRM, we discovered a SQL injection vulnerability in the "Buzz" module, an integrated social media tool within the software. Authenticated low-privilege users can use this vulnerability to disclose the full contents of the OrangeHRM database, including sensitive user personal information and...
