Security News > 2024 > June > Exploit for critical Progress Telerik auth bypass released, patch now
Researchers have published a proof-of-concept exploit script demonstrating a chained remote code execution vulnerability on Progress Telerik Report Servers.
Cybersecurity researcher Sina Kheirkha developed the exploit with the help of Soroush Dalili and has now published a detailed write-up that describes the intricate process of exploiting two flaws, an authentication bypass and a deserialization issue, to execute code on the target.
Although exploiting the deserialization bug is complex, Kheirkhah's write-up and exploit Python script are publicly available, making the case pretty straightforward for aspiring attackers.
QNAP QTS zero-day in Share feature gets public RCE exploit.
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers.
Exploit released for maximum severity Fortinet RCE bug, patch now.
News URL
Related news
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- 1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- Hackers exploit critical bug in Array Networks SSL VPN products (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)