PrintNightmare is a set of software vulnerabilities around Windows’ Print Spooler service. It was originally disclosed in July as CVE-2021-34527 – a print spooler remote code execution – and CVE-2021-1675 – a print spooler privilege escalation. They allow an attacker...
A few weeks ago, we released a blogpost about an authenticated RCE we found in Pulse Connect Secure (CVE-2020-8218). In that post, we mentioned that we discovered more vulnerabilities. Four vulnerabilities were discovered on Pulse Secure Connect, a VPN (Virtual...
Update: A full remote pre-authentication exploitation chain proof of concept has been documented by our team now that Pulse Secure made all the software patches available. During an engagement, we discovered a Pulse Secure SSL VPN running the version 9.1R7, which was...
An Authenticated Remote Code Execution (RCE) vulnerability was discovered on Vera, a platform for digital asset management used in the printing industry. The application allows an authenticated user to change the logo on the Website. An attacker can use this feature...