Pathfynder
  • Home
  • Cyber Solutions
    • Risk Assessments
    • Threat Hunting
    • Insider Threat
    • Offensive Security
    • vCISO
  • Our Company
    • The Team
    • Careers
  • Blog
  • Contact

The Guide

Pathfynder's Bryan Clements co-authored a new CVE release: CVE-2020-12855, "NEProfile - Host Header Injection."

8/26/2020

0 Comments

 
Description:

A host header injection vulnerability has been discovered in SecZetta's NEProfile product. Authenticated remote adversaries can poison the host header resulting in the attacker controlling response 302 execution flow. The issue affects version 3.3.11 and has not been tested on other versions of the product.

Nice work, Bryan. More to follow!

https://seclists.org/fulldisclosure/2020/Aug/17
0 Comments



Leave a Reply.

    Archives

    December 2020
    September 2020
    August 2020
    July 2020
    May 2020
    April 2020

    Categories

    All
    Active Adversary
    BOLO
    Case Study
    Cyber Threat
    Emerging Threat
    Industrial Manufacturing
    Insider Threat
    Logistics
    Malware
    Offensive Cyber
    Penetration Tests
    Phishing
    Ransomware
    Risk Assessments
    Shipping
    Spoofing
    Threat Hunting
    Threat Intelligence
    Work From Home

    RSS Feed

Contact
Privacy Policy
Logo & Mark
EULA
Blog
Pathfynder 2020 | All Rights Reserved
  • Home
  • Cyber Solutions
    • Risk Assessments
    • Threat Hunting
    • Insider Threat
    • Offensive Security
    • vCISO
  • Our Company
    • The Team
    • Careers
  • Blog
  • Contact