Pathfynder's Bryan Clements co-authored a new CVE release: CVE-2020-12855, "NEProfile - Host Header Injection."
A host header injection vulnerability has been discovered in SecZetta's NEProfile product. Authenticated remote adversaries can poison the host header resulting in the attacker controlling response 302 execution flow. The issue affects version 3.3.11 and has not been tested on other versions of the product.
Nice work, Bryan. More to follow!
We are excited to announce that IntelMonkey is now Pathfynder!
Pathfynder embodies our expanded capability set and dedication to bringing the best cyber solutions to our customers in these uncertain times. Defeating tomorrow's cyber threats requires conviction, agility, and innovation. We are here for you. Any time. Any place.