authentication bypass flaw

Pierluigi Paganini March 27, 2022
Sophos Firewall affected by a critical authentication bypass flaw

Sophos has addressed a critical vulnerability, tracked as CVE-2022-1040, in its Sophos Firewall that allows remote code execution (RCE). Sophos has fixed an authentication bypass vulnerability, tracked as CVE-2022-1040, that resides in the User Portal and Webadmin areas of Sophos Firewall. The CVE-2022-1040 flaw received a CVSS score of 9.8 and impacts Sophos Firewall versions 18.5 MR3 (18.5.3) and earlier. […]

Pierluigi Paganini September 09, 2021
Zoho warns of zero-day authentication bypass flaw actively exploited

Zoho urges customers to address an authentication bypass vulnerability in its ManageEngine ADSelfService Plus that is being actively exploited in the wild. Zoho has released a security patch to address an authentication bypass vulnerability, tracked as CVE-2021-40539, in its ManageEngine ADSelfService Plus. The company also warns that the vulnerability is already being exploited in attacks in the wild. […]

Pierluigi Paganini April 24, 2015
Magento Flaw Exploited in the Wild a few hours after disclosure

Sucuri revealed that cyber criminals are attempting to hijack online shops based on the Magento platform by exploiting a recently disclosed critical flaw. According to the security experts at Sucuri, within 24 hours of the disclosure of the vulnerability in the Magento platform, bad actors are already attempting to hack e-commerce websites using it. The experts traced back the attacks […]