This article is about the recently published security advisory for a pretty popular software, fail2ban (CVE-2021-32749). It is about a bug that may lead to Remote Code Execution.
Tag: RCE
Why you can not always trust web server logs?
Sketching the situation Let’s suppose we do a server post-breach analysis and manage to state the following: external access is possible only through a web application, and the web server is running with the privileges of an unprivileged user, the application is out-of-date and contains publicly known RCE vulnerability (remote code execution), the access_log, error_log …
Security of web applications: vulnerabilities in upload mechanisms
File upload is one of the most common functionalities in web applications. Typically, it involves uploading images or documents to the server. It is also a place that pentesters look for due to the numerous security errors in implementations. In this article, we will present the most common vulnerabilities and show how they can be …