10
Incoming "spray and pray" attacks

Incoming "spray and pray" attacks

a year ago
Anonymous $gM56WhLPcK

https://www.bleepingcomputer.com/news/security/researchers-to-release-poc-exploit-for-critical-zoho-rce-bug-patch-now/

Proof-of-concept exploit code will be released later this week for a critical vulnerability allowing remote code execution (RCE) without authentication in several VMware products.

Tracked as CVE-2022-47966, this pre-auth RCE security flaw is due to using an outdated and vulnerable third-party dependency, Apache Santuario.

Incoming "spray and pray" attacks

Jan 16, 2023, 11:17pm UTC
https://www.bleepingcomputer.com/news/security/researchers-to-release-poc-exploit-for-critical-zoho-rce-bug-patch-now/ > Proof-of-concept exploit code will be released later this week for a critical vulnerability allowing remote code execution (RCE) without authentication in several VMware products. > Tracked as CVE-2022-47966, this pre-auth RCE security flaw is due to using an outdated and vulnerable third-party dependency, Apache Santuario.