Security researcher Andrew Klaus, from Cybera, discovered a hardcoded SSH public key in FortiSIEM, Fortinet’s Security Information and Event Management product, that can be used to cause a denial of service against the FortiSIEM Supervisor.
Continue reading “Security researcher found a hardcoded SSH Key in Fortinet SIEM appliances”
Many proof-of-concept exploits have been released for the unpatched remote-code-execution vulnerability in the Citrix Application Delivery Controller and Citrix Gateway products.
Continue reading “CVE-2019-19781: my clippings on the infamous Citrix Netscaler vulnerability”
Security researcher Omer Tsarfati from CyberArk has discovered a vulnerability in Microsoft’s OAuth implementation that may allow an attacker to create authentication tokens with the victim’s permissions.
This could let a malicious attacker access and control a victim’s account and take actions on their behalf.
Researchers from Palo Alto Networks’ Unit 42 discovered an issue in the implementation of the Docker cp command that can lead to full container escape if exploited by an attacker.
This would allow an attacker full root control of the host and all other containers in it.
Continue reading “CVE-2019-14271: a Docker ‘cp’ container escape vulnerability”