service-Effective-sec-item-img

The Blind Spots of Automated Web App Assessments

Showcasing why automated scanners might miss some very obvious bugs and how to deal with that.

Read more
service-Effective-sec-item-img

NC3 CTF Pwnable

How to solve the Doscember 1 and 2a challenges in the NC3 CTF.

Read more
service-Effective-sec-item-img

Building your first metasploit exploit

Comprehensive guide on how to convert your RCE vulnerability into a fully functional metasploit module, that will spawn any payload. We use CVE-2023-32781 as our example.

Read more
service-Effective-sec-item-img

WithSecure Elements Vulnerability to isolate all companies

How we could exploit a vulnerability in withsecure elements to shut down a company network through malicious isolation.

Read more
service-Effective-sec-item-img

PRTG Remote Code Execution - CVE-2023-32782

This post details the process of exploiting CVE-2023-32782 in PRTG to gain remote code execution.

Read more
service-Effective-sec-item-img

CVE-2023-32782 - PRTG RCE

Remote code execution in Dicom Query sensor as SYSTEM

Read more
service-Effective-sec-item-img

CVE-2023-32781 - PRTG RCE

Remote code execution in HL7 sensor as SYSTEM

Read more
service-Effective-sec-item-img

CVE-2023-31452 - PRTG CSRF

CSRF allowing the leakage of cleartext windows credentials over the network.

Read more
service-Effective-sec-item-img

CVE-2023-31451 - PRTG File Disclosure with Regex

Utilize regex feature for leaking sensitive configuration files

Read more
service-Effective-sec-item-img

CVE-2023-31450 - PRTG Path Traversal

Path traversal in SQL sensor

Read more
service-Effective-sec-item-img

CVE-2023-31449 - PRTG Path Traversal

Path traversal in WMI sensor

Read more
service-Effective-sec-item-img

CVE-2023-31448 - PRTG Path Traversal

Path traversal vulnerability was discovered in the HL7 sensor of PRTG

Read more
service-Effective-sec-item-img

CVE-2023-24037 - Nagios

Authentication bypass due to insecure timing comparison

Read more
service-Effective-sec-item-img

CVE-2023-24036 - Nagios

Open Redirect

Read more
service-Effective-sec-item-img

CVE-2023-24035 - Nagios

Authentication bypass due to insecure timing comparison

Read more
service-Effective-sec-item-img

CVE-2022-45871 - WithSecure fsicapd

Unauthed memory corruption in the fsicapd component leads to DoS

Read more
service-Effective-sec-item-img

CVE-2022-38165 - F-Secure Policy Manager (Unauthed arbitrary filewrite)

Unauthenticated arbitrary filewrite as SYSTEM

Read more
service-Effective-sec-item-img

CVE-2022-38162 - F-Secure Policy Manager

Multiple Cross-Site (XSS) Scripting vulnerabilities

Read more
service-Effective-sec-item-img

CVE-2022-28885 - F-Secure Policy Manager

Unauthed memory corruption in the fsicapd component leads to DoS

Read more
service-Effective-sec-item-img

CVE-2020-XXXX - BTCPay (XSS to leaked private key)

XSS which leads to a leaked private key, allowing wallet control

Read more
service-Effective-sec-item-img

CVE-2020-12480 - Play Framework (Global CSRF Bypass)

Global CSRF bypass due to RFC incompliance in HTTP header

Read more
service-Effective-sec-item-img

CVE-2019-XXXXX/fsc-2019-3 - F-secure Internet Gatekeeper (RCE)

Heap Based buffer overflow leads to Remote Code Execution

Read more
service-Effective-sec-item-img

CVE-2019-XXXX - Cerberus FTP (XSS to RCE)

Cerberus FTP login XSS leads to RCE

Read more
service-Effective-sec-item-img

CVE-2019-XXXXX/fsc-2019-4 - F-secure Server Security (RCE)

Remote Code Execution in F-secure Server Security

Read more
service-Effective-sec-item-img

CVE-2018-9191 - Fortinet FortiClient (LPE)

Fortinet IPC permission leads to local privilege escalation as SYSTEM

Read more