unSafe.sh - Unsafe
SysOwned, Your Friendly Support Ticket - SysAid On-Premise Pre-Auth RCE Chain (CVE-2025-2775 And Friends)
The article reveals three pre-authentication XXE vulnerabilities and one post-authentication command injection vulnerability in SysAid On-Prem software, allowing an attacker to extract sensitive information and ultimately achieve remote code execution. These vulnerabilities affect version 23.3.40 and below and have been patched....
2025-5-7 09:38:3 | Reads: 55
0day Fans - labs.watchtowr.com
sysaid
SonicBoom, From Stolen Tokens to Remote Shells - SonicWall SMA (CVE-2023-44221, CVE-2024-38475)
The article analyses two vulnerabilities in SonicWall SMA appliances: CVE-2024-38475 (arbitrary file read in the Apache HTTP Server) and CVE-2023-44221 (command injection), and shows how they can be used to achieve pre-authentication file read and post-authentication command execution. By chaining the two vulnerabilities, an attacker can bypass authentication and obtain administrative privileges. The article also provides a detection tool to help organisations identify their exposure....
2025-5-1 22:31:33 | Reads: 20
0day Fans - labs.watchtowr.com
escaped
orange
rewriterule
traceroute6
Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028)
The article describes a remote code execution vulnerability (CVE-2025-34028) found in Commvault's data protection solution, achieved through pre-authentication SSRF and arbitrary file write. The researchers used the deployWebpackage.do and deployServiceCommcell.do endpoints to upload a malicious file and successfully execute code. Commvault released a patch within a week and fixed the vulnerability....
2025-4-24 10:2:49 | Reads: 48
0day Fans - labs.watchtowr.com
commvault
servicepack
dist
Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure (CVE-2025-22457)
The article describes a critical vulnerability (CVE-2025-22457) in Ivanti Connect Secure appliances that was initially misjudged as low risk but was later found to be remotely exploitable for code execution. An attacker triggers a buffer overflow by crafting an X-Forwarded-For header containing a long run of digits and dots. Although Ivanti released a patch (version 22.7R2.6) back in February, many users may not have updated, so the vulnerability is still being actively exploited....
2025-4-4 13:46:56 | Reads: 52
0day Fans - labs.watchtowr.com
ivanti
7r2
watchtowr
overflow
appliance
XSS To RCE By Abusing Custom File Handlers - Kentico Xperience CMS (CVE-2025-2748)
Researchers found a vulnerability chain in Kentico Xperience CMS leading from cross-site scripting (XSS) to remote code execution (RCE). An attacker can read files through an unauthenticated resource handler and trigger XSS by uploading a ZIP archive containing a malicious SVG file via the temporary file upload feature. Combined with Kentico's built-in functionality, a privileged user can go on to achieve RCE. The vulnerability was fixed in version 13.0.178, and the vendor responded professionally and proactively....
2025-4-1 09:58:44 | Reads: 21
0day Fans - labs.watchtowr.com
kentico
ashx
By Executive Order, We Are Banning Blacklists - Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120)
This article reveals two remote code execution (RCE) vulnerabilities in Veeam Backup & Replication (WT-2025-0014 and WT-2025-0015), rooted in flaws in its deserialization blacklist mechanism. An attacker can achieve RCE through the xmlFrameworkDs and BackupSummary classes, which are not on the blacklist. Although Veeam patched the earlier vulnerabilities, its reliance on a blacklist remains risky. The research stresses that a whitelist (allowlist) approach should be adopted to improve security....
2025-3-20 02:50:55 | Reads: 48
0day Fans - labs.watchtowr.com
veeam
backup
blacklist
Bypassing Authentication Like It’s The ‘90s - Pre-Auth RCE Chain(s) in Kentico Xperience CMS
The article describes multiple security vulnerabilities researchers found in Kentico Xperience CMS, including authentication bypasses (WT-2025-0006 and WT-2025-0011) and remote code execution (WT-2025-0007). These vulnerabilities are reached through the outdated Microsoft Web Services Enhancements 3.0 library and configuration issues, and allow an attacker to take complete control of the CMS. Kentico has released patches fixing some of the vulnerabilities, but it is recommended to avoid outdated libraries to prevent similar problems....
2025-3-17 12:24:26 | Reads: 12
0day Fans - labs.watchtowr.com
wsse
username
wss
oasis
kentico
The Best Security Is When We All Agree To Keep Everything Secret (Except The Secrets) - NAKIVO Backup & Replication (CVE-2024-48248)
The article describes an unauthenticated arbitrary file read vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication that allows an attacker to read arbitrary files on the server, including backup data and sensitive credentials. By exploiting this vulnerability, an attacker can obtain stored credentials and take control of the entire infrastructure. NAKIVO fixed the vulnerability in version 11.0.0.88174....
2025-2-26 11:0:9 | Reads: 32
0day Fans - labs.watchtowr.com
nakivo
backup
replication
annotation
8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur
Surprise surprise, we've done it again. We've demonstrated an ability to compromise sig...
2025-2-4 11:0:3 | Reads: 12
0day Fans - labs.watchtowr.com
abandoned
buckets
security
bosh
Get FortiRekt, I am the Super_Admin Now - FortiOS Authentication Bypass CVE-2024-55591
Welcome to Monday, and what an excitingly fresh start to the week we're all having. Gra...
2025-1-27 18:0:26 | Reads: 33
0day Fans - labs.watchtowr.com
authparams
watchtowr
appliance
Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282)
As we saw in our previous blogpost, we fully analyzed Ivanti’s most recent unauthentica...
2025-1-12 08:44:54 | Reads: 10
0day Fans - labs.watchtowr.com
0x00000000
vtable
epmessage
Do Secure-By-Design Pledges Come With Stickers? - Ivanti Connect Secure RCE (CVE-2025-0282)
Did you have a good break? Have you had a chance to breathe? Wake up. It’s 2025, and the...
2025-1-10 01:30:57 | Reads: 13
0day Fans - labs.watchtowr.com
client
ivanti
reqbuf
ift
Backdooring Your Backdoors - Another $20 Domain, More Governments
After the excitement of our .MOBI research, we were left twiddling our thumbs. As you m...
2025-1-8 10:59:43 | Reads: 6
0day Fans - labs.watchtowr.com
shells
php
backdoors
odayexp
ahem