Overview Recently, NSFOCUS CERT detected that Palo Alto Networks issued a security announcement and fixed the identity bypass vulnerability in PAN-OS (CVE-2025-0108). Due to the problem of path processing by Nginx/Apache in PAN-OS, unauthenticated attackers can bypass authentication to access the management web interface of PAN-OS device and call some PHP scripts, thus obtaining sensitive…
Category: Emergency Response
Blog, CVE-2025-21391, CVE-2025-21418, Emergency Response, Global Security News, Microsoft, Microsoft vulnerabilities, SBN News, Security Bloggers Network, Windows, Windows vulnerability
Microsoft Security Update Notification in February of High-Risk Vulnerabilities in Multiple Products
Overview On February 12, NSFOCUS CERT detected that Microsoft released a security update patch for February, which fixed 63 security issues involving widely used products such as Windows, Microsoft Office, Azure, Apps, and Microsoft Visual Studio, including high-risk vulnerabilities such as privilege escalation and remote code execution. Among the vulnerabilities fixed in Microsoft’s monthly update…
Blog, CVE-2024-49113, Emergency Response, Global Security News, Security Bloggers Network, Windows LDAP
Windows LDAP Denial of Service Vulnerability (CVE-2024-49113) Alert
Overview Recently, NSFOCUS CERT detected that the details of Windows LDAP remote code execution vulnerability (CVE-2024-49113) were disclosed. Due to an out-of-bounds read vulnerability in wldap32.dll of Windows LDAP service, an unauthenticated attacker can induce a target server (as an LDAP client) to initiate a query request to a malicious LDAP server controlled by the…
Adobe, Adobe ColdFusion, Blog, CVE-2024-53961, Emergency Response, Global Security News, Security Bloggers Network
Adobe ColdFusion Any File Read Vulnerability (CVE-2024-53961)
Overview Recently, NSFOCUS CERT detected that Adobe issued a security announcement and fixed any file read vulnerability in Adobe ColdFusion (CVE-2024-53961). Due to improper restrictions on pathnames in Adobe ColdFusion, unauthenticated attackers can bypass the application’s restrictions to read files or directories outside of the restricted directory. As a result, sensitive information may be disclosed…