Tag Archives: RCE

Over 12,000 KerioControl firewalls exposed to exploited RCE flaw

Over 12,000 KerioControl firewalls exposed to exploited RCE flaw

Over twelve thousand GFI KerioControl firewall instances are exposed to a critical remote code execution vulnerability tracked as CVE-2024-52875. KerioControl is a network security suite that small and medium-sized businesses use for VPNs, bandwidth management, reporting and monitoring, traffic filtering, AV protection, and intrusion prevention. The flaw in question was discovered in mid-December by security researcher Egidio Romano (EgiX), who …

Read More »

Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers

Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers

Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access. Trimble Cityworks is a Geographic Information System (GIS)-centric asset management and work order management software designed primarily for local governments, utilities, and public works organizations. The product helps municipalities and infrastructure …

Read More »

Critical RCE bug in Microsoft Outlook now exploited in attacks

Critical RCE bug in Microsoft Outlook now exploited in attacks

CISA warned U.S. federal agencies on Thursday to secure their systems against ongoing attacks targeting a critical Microsoft Outlook remote code execution (RCE) vulnerability. Discovered by Check Point vulnerability researcher Haifei Li and tracked as CVE-2024-21413, the flaw is caused by improper input validation when opening emails with malicious links using vulnerable Outlook versions. The attackers gain remote code execution …

Read More »

Laravel admin package Voyager vulnerable to one-click RCE flaw

Laravel admin package Voyager vulnerable to one-click RCE flaw

Three vulnerabilities discovered in the open-source PHP package Voyager for managing Laravel applications could be used for remote code execution attacks. The issues remain unfixed and can be exploited against an authenticated Voyager user that clicks on a malicious link. Vulnerability researchers at SonarSource, a code quality and security company, say that they tried to report the flaws to the Voyager maintainers …

Read More »

SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks

SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks

SonicWall is warning about a pre-authentication deserialization vulnerability in SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), with reports that it has been exploited as a zero-day in attacks. The flaw, tracked as CVE-2025-23006 and rated critical (CVSS v3 score: 9.8), could allow remote unauthenticated attackers to execute arbitrary OS commands under specific conditions. The vulnerability affects all …

Read More »

Hackers exploit critical Aviatrix Controller RCE flaw in attacks

Hackers exploit critical Aviatrix Controller RCE flaw in attacks

Threat actors are exploiting a critical remote command execution vulnerability, tracked as CVE-2024-50603, in Aviatrix Controller instances to install backdoors and crypto miners. The Aviatrix Controller, part of the Aviatrix Cloud Networking Platform, enhances networking, security, and operational visibility for multi-cloud environments. It is used by enterprises, DevOps teams, network engineers, cloud architects, and managed service providers. Discovered by Jakub …

Read More »

Mobile Hacking Lab: Exploiting the Cyclic Scanner Android Service for RCE | by ASIF SHAIK | Jan, 2025

Mobile Hacking Lab: Exploiting the Cyclic Scanner Android Service for RCE | by ASIF SHAIK | Jan, 2025

Cyclic Scanner Payload: touch "n00b.txt; rm -rf Documents"adb push "n00b.txt; rm -rf Documents" /sdcard/ In this write-up, we’ll dive deep into the Cyclic Scanner Android app and exploit a command injection vulnerability to achieve Remote Code Execution (RCE). We’ll break down the app’s functionality, analyze the vulnerability, and walk through the exploitation process step by step. The Cyclic Scanner app …

Read More »