Shakeel Bhat, Author at SecPod Blog

SIGRed – Microsoft Windows DNS Server RCE Vulnerability (CVE-2020-1350)

Post author:Shakeel Bhat
Post published:July 16, 2020
Post category:Security Research and Intelligence
Reading time:6 mins read

A critical and wormable 17 years-old vulnerability has been discovered in Microsoft Windows DNS Servers which can allow an attacker…

F5 BIG-IP Devices Under Active Exploitation (CVE-2020-5902)

Post author:Shakeel Bhat
Post published:July 7, 2020
Post category:Category(Default) - Do Not Use This Security Research and Intelligence
Reading time:5 mins read

F5 BIG-IP is a multi-purpose networking device manufactured by F5 Networks which can be configured to work as traffic shaping…

SaltStack Salt Critical Vulnerabilities Under Active Exploitation

Post author:Shakeel Bhat
Post published:May 4, 2020
Post category:Security Research and Intelligence
Reading time:4 mins read

SaltStack Salt is a very popular open-source remote task and configuration management framework widely used in data centers and cloud…

OpenBSD Authentication Bypass and Local Privilege Escalation Vulnerabilities

Post author:Shakeel Bhat
Post published:December 6, 2019
Post category:Security Research and Intelligence
Reading time:8 mins read

OpenBSD is a free and open-source Unix-like operating system based on the Berkeley Software Distribution (BSD). It is widely regarded…

ALERT: iTerm2 Critical Remote Code Execution Vulnerability

Post author:Shakeel Bhat
Post published:October 11, 2019
Post category:Security Research and Intelligence
Reading time:2 mins read

iTerm2 is one of the most popular macOS terminal emulator and is a default choice for developers and administrators due…

Tens of Thousands of vBulletin Forums Wildly Being Exploited (CVE-2019-16759)

Post author:Shakeel Bhat
Post published:September 27, 2019
Post category:Security Research and Intelligence
Reading time:4 mins read

A critical remote code execution (RCE) vulnerability affecting one of the widely used internet forum software vBulletin has been publicly…

ALERT: Squid Web Proxy Cache Server Remote Code Execution Vulnerability (CVE-2019-12527)

Post author:Shakeel Bhat
Post published:August 27, 2019
Post category:Security Research and Intelligence
Reading time:4 mins read

Squid is an open-source web caching and Internet proxy application which is widely used for speeding up the webserver and…

ALERT: ProFTPD Server Arbitrary File Copy Vulnerability (CVE-2019-12815)

Post author:Shakeel Bhat
Post published:July 24, 2019
Post category:Security Research and Intelligence
Reading time:3 mins read

ProFTPd is an open-source, cross-platform FTP server and is one among the most popular FTP servers used in Unix-like environments.…

ALERT: HAWKBALL Backdoor exploiting Microsoft Office Vulnerabilities

Post author:Shakeel Bhat
Post published:June 24, 2019
Post category:Security Research and Intelligence
Reading time:3 mins read

A campaign targeting government organizations in Central Asia was discovered delivering a backdoor named HAWKBALL Exploit. This backdoor can collect…

ALERT: Another Deserialization RCE Vulnerability in Oracle WebLogic Server (CVE-2019-2729) Exploited in the Wild

Post author:Shakeel Bhat
Post published:June 20, 2019
Post category:Security Research and Intelligence
Reading time:4 mins read

image credit: blogs.oracle.com Oracle has released an out-of-band security update to address a critical oracle weblogic server deserialization rce. A…