Privilege Escalation

Palo Alto Networks patches two firewall zero-days used in attacks

November 19, 2024November 19, 2024 geekfeed0Tagged Actively Exploited, Elevation of Privileges, Firewall, Palo Alto Networks, Privilege Escalation, rce, Remote Code Execution, zero day

Palo Alto Networks has finally released security updates for two actively exploited zero-day vulnerabilities in its Next-Generation Firewalls (NGFW). The first flaw, tracked as CVE-2024-0012, is an authentication bypass found in the PAN-OS management web interface that remote attackers can exploit to gain administrator privileges without requiring authentication or user interaction. The second one (CVE-2024-9474) is a PAN-OS privilege escalation […]

2 mins read

Critical RCE bug in VMware vCenter Server now exploited in attacks

November 18, 2024November 18, 2024 geekfeed0Tagged Actively Exploited, Broadcom, Elevation of Privileges, Privilege Escalation, rce, Remote Code Execution, vCenter Server, vmware

Broadcom warned today that attackers are now exploiting two VMware vCenter Server vulnerabilities, one of which is a critical remote code execution flaw. TZL security researchers reported the RCE vulnerability (CVE-2024-38812) during China’s 2024 Matrix Cup hacking contest. It is caused by a heap overflow weakness in the vCenter’s DCE/RPC protocol implementation and affects products […]

2 mins read

LiteSpeed Cache WordPress plugin bug lets hackers get admin access

November 1, 2024November 1, 2024 geekfeed0Tagged Elevation of Privileges, hackers, LiteSpeed Cache, Plugin, Privilege Escalation, wordpress

The free version of the popular WordPress plugin LiteSpeed Cache has fixed a dangerous privilege elevation flaw on its latest release that could allow unauthenticated site visitors to gain admin rights. LiteSpeed Cache is a caching plugin used by over six million WordPress sites, helping to speed up and improve user browsing experience. The newly discovered high-severity flaw […]

3 mins read