XSS To RCE By Abusing Custom File Handlers - Kentico Xperience CMS (CVE-2025-2748)
Researchers discovered a vulnerability chain in Kentico Xperience CMS that leads from cross-site scripting (XSS) to remote code execution (RCE). An attacker can read files through an unauthenticated resource handler and trigger XSS by uploading a malicious SVG file inside a ZIP archive via the temporary file upload feature. Combined with Kentico's built-in functionality, a privileged user can then escalate to RCE. The vulnerability was fixed in version 13.0.178, and the vendor was professional and responsive....
2025-4-1 09:58:44 | Views: 17
0day Fans - labs.watchtowr.com
kentico
ashx
By Executive Order, We Are Banning Blacklists - Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120)
This post reveals two remote code execution (RCE) vulnerabilities in Veeam Backup & Replication (WT-2025-0014 and WT-2025-0015) that stem from flaws in its deserialization blacklist mechanism. An attacker can achieve RCE through the xmlFrameworkDs and BackupSummary classes, which are not on the blacklist. Although Veeam patched the earlier vulnerabilities, its reliance on a blacklist remains risky. The research stresses adopting a whitelist (allowlist) approach to improve security....
2025-3-20 02:50:55 | Views: 45
0day Fans - labs.watchtowr.com
veeam
backup
blacklist
Bypassing Authentication Like It’s The ‘90s - Pre-Auth RCE Chain(s) in Kentico Xperience CMS
The article describes multiple security vulnerabilities researchers found in Kentico Xperience CMS, including authentication bypasses (WT-2025-0006 and WT-2025-0011) and remote code execution (WT-2025-0007). These vulnerabilities arise from the outdated Microsoft Web Services Enhancements 3.0 library and configuration issues, and allow an attacker to take full control of the CMS. Kentico has released patches fixing some of the vulnerabilities, but the authors recommend avoiding outdated libraries to prevent similar problems....
2025-3-17 12:24:26 | Views: 9
0day Fans - labs.watchtowr.com
wsse
username
wss
oasis
kentico
The Best Security Is When We All Agree To Keep Everything Secret (Except The Secrets) - NAKIVO Backup & Replication (CVE-2024-48248)
The article describes an unauthenticated arbitrary file read vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication that allows an attacker to read any file on the server, including backup data and sensitive credentials. By exploiting it, an attacker can obtain stored credentials and take control of the entire infrastructure. NAKIVO fixed the vulnerability in version 11.0.0.88174....
2025-2-26 11:00:09 | Views: 28
0day Fans - labs.watchtowr.com
nakivo
backup
replication
annotation
8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur
Surprise surprise, we've done it again. We've demonstrated an ability to compromise sig...
2025-2-4 11:00:03 | Views: 7
0day Fans - labs.watchtowr.com
abandoned
buckets
security
bosh
Get FortiRekt, I am the Super_Admin Now - FortiOS Authentication Bypass CVE-2024-55591
Welcome to Monday, and what an excitingly fresh start to the week we're all having. Gra...
2025-1-27 18:00:26 | Views: 29
0day Fans - labs.watchtowr.com
authparams
watchtowr
appliance
Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282)
As we saw in our previous blogpost, we fully analyzed Ivanti’s most recent unauthentica...
2025-1-12 08:44:54 | Views: 6
0day Fans - labs.watchtowr.com
0x00000000
vtable
epmessage
Do Secure-By-Design Pledges Come With Stickers? - Ivanti Connect Secure RCE (CVE-2025-0282)
Did you have a good break? Have you had a chance to breathe? Wake up.It’s 2025, and the...
2025-1-10 01:30:57 | Views: 9
0day Fans - labs.watchtowr.com
client
ivanti
reqbuf
ift
Backdooring Your Backdoors - Another $20 Domain, More Governments
After the excitement of our .MOBI research, we were left twiddling our thumbs. As you m...
2025-1-8 10:59:43 | Views: 4
0day Fans - labs.watchtowr.com
shells
php
backdoors
odayexp
ahem