Confluence Server OGNL Injection: CVE-2021-26084

Confluence Server OGNL Injection: CVE-2021-26084

On August 25, 2021, Atlassian released a security advisory for CVE-2021-26084, an OGNL injection vulnerability found within a component of Confluence Server and Data Center. This critical vulnerability allows an unauthenticated attacker to execute arbitrary commands...

ProxyShell: More Ways for More Shells

ProxyShell: More Ways for More Shells

In August, Orange Tsai released details and also spoke at BlackHat and DEFCON detailing his security research into Microsoft Exchange. His latest blog post details a series of vulnerabilities dubbed ProxyShell. ProxyShell is a chain of three vulnerabilities:...

Product Updates from our CTO

Product Updates from our CTO

The engineering team has been working tirelessly to improve the "what to wow" user experience, add more attack content, add indicators of best practices and improve analytical insights. Improving our "what to wow" user experience – In security, there are two types of...

CVE-2021-27927: CSRF to RCE Chain in Zabbix

Zabbix is an enterprise IT network and application monitoring solution. In a routine review of its source code, we discovered a CSRF (cross-site request forgery) vulnerability in the authentication component of the Zabbix UI. Using this vulnerability, an unauthenticated attacker can take over the Zabbix administrator’s account if the attacker can persuade the Zabbix administrator to follow a malicious link. This vulnerability is exploitable in all browsers even with the default SameSite=Lax cookie protection in place. The vulnerability is fixed in Zabbix versions 4.0.28rc1, 5.0.8rc1, 5.2.4rc1, and 5.4.0alpha1.

POC CVE-2021-21972

POC CVE-2021-21972

Write the file supplied in the –file argument to the location specified in the –path argument. The file will be written in the context of the vsphere-ui user. If the target is vulnerable, but the exploit fails, it is likely that the vsphere-ui user does not have permissions to write to the specified path.

Unauthenticated XSS to Remote Code Execution Chain in Mautic < 3.2.4

Mautic is widely used open source software for marketing automation. While researching the application and its source code on Github, we discovered an attack chain whereby an unauthenticated attacker could gain remote code execution privileges on the server hosting Mautic by abusing a stored XSS vulnerability. The issues raised in this post, CVE-2020-35124 and CVE-2020-35125, have been fixed in Mautic 3.2.4.

CVE-2020-29437: Authenticated SQL Injection in OrangeHRM < 4.6.0.1

OrangeHRM is software for Human Resource Management (HRM). In a routine audit of the open source version of OrangeHRM, we discovered a SQL injection vulnerability in the “Buzz” module, an integrated social media tool within the software.

Authenticated low privilege users can use this vulnerability to disclose the full contents of the OrangeHRM database, including sensitive user personal information and password hashes. It’s also possible to execute a denial of service attack to bring down the application.

How can NodeZero help you?

Let our experts walk you through a demonstration of NodeZero, so you can see how to put it to work for your company.