Exploiting CVEs

Our Latest Research on Critical CVEs: Understanding, Exploiting & Defending Against Them
April 1, 2024

Text4Shell (CVE-2022-42889)

This blog on CVE-2022-42889 explores a critical vulnerability found in Apache Commons Text in October 2022. Let's jump into the technical details.
March 29, 2024

RCE on MobSF (CVE-2024-21633)

This CVE exposes a critical security vulnerability in Apktool, a widely-used tool for reverse engineering closed-source, third-party Android apps.

Path Traversal in Openfire Admin Console

Enter CVE-2023-32315, an authentication bypass vulnerability discovered in Openfire, a popular XMPP server. This exploit grants malicious actors unrestricted access to the Openfire administrative console.
February 27, 2024

AI Engine WordPress Plugin (CVE-2023-51409)

Delve into CVE-2023-51409, a severe security flaw that affected the AI Engine plugin—a widely used AI-related WordPress plugin with over 50,000 active installations.
March 25, 2024

Apache Spark Command Injection Vulnerability

Join us as we investigate CVE-2022-33891, a critical vulnerability discovered in Apache Spark, a widely-used distributed computing framework. This flaw, involving command injection, poses severe risks of unauthorized access and control.
March 22, 2024

Ultimate Member Plugin (CVE-2024-1071)

This blog addresses CVE-2024-1071, a critical security vulnerability found in the Ultimate Member plugin for WordPress. With over 200,000 active installations affected, it's essential to comprehend the intricacies of this issue.
March 20, 2024

Confluence Template Injection (CVE-2023-22527)

This blog takes a deep dive into the intricacies of the Atlassian Confluence CVE-2023-22527 vulnerability. It aims to illuminate the inner workings of the exploit and provide actionable defense strategies that organizations can implement effectively.
July 19, 2023

Office and Windows HTML Remote Code Execution (CVE-2023-36884)

CVE-2023-36884: Let's discuss the attack method, the elements that contributed to its success, and potential mitigation strategies.
May 31, 2023

Spring4Shell (CVE-2022-22965)

Dive into the details of Spring4Shell (CVE-2022-22965), a critical vulnerability that was discovered in the Spring Framework.
June 22, 2023

Confluence (CVE-2022-26134)

Explore the vulnerability, how to exploit it, its potential impact, and the essential steps organisations can take to protect their virtual infrastructure.
July 2, 2023

VMware vSphere (CVE-2021-21972)

Explore the vulnerability, how to exploit it, its potential impact, and the essential steps organisations can take to protect their virtual infrastructure.
May 24, 2023

Exploiting Log4Shell or Log4j (CVE-2021-44228)

A critical vulnerability known as CVE-2021-44228 was discovered in the popular logging tool Log4j. This vulnerability allowed attackers to execute remote code on servers and gain unauthorized access to sensitive data.