ZeroQlik: Achieving Unauthenticated Remote Code Execution via HTTP Request Tunneling and Path Traversal | allinfosecnews.com

Aug. 31, 2023, 1:03 p.m. | Emmaline

Blog - Praetorian www.praetorian.com

Overview In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations. Recently, we decided to take a look at Qlik Sense Enterprise, a data analytics solution similar to Tableau. The recent exploitation of vulnerabilities in the […]

The post ZeroQlik: Achieving Unauthenticated Remote Code Execution via HTTP Request Tunneling and Path Traversal appeared first on Praetorian.

analytics code code execution customers cve data data analytics enterprise http impact labs organizations path path traversal proactive qlik qlik sense remote code remote code execution request research safeguard security solution tunneling unauthenticated vulnerabilities vulnerability vulnerability research zero-day zero-day vulnerabilities

More from www.praetorian.com / Blog - Praetorian

Compromising ByteDance’s RSPack using GitHub Actions Vulnerabilities 1 week, 2 days ago | www.praetorian.com

actions attacker bytedance bytedance rspack +16

Local Privilege Escalation Vulnerability in Ant Media Server (CVE-2024-32656) 1 month, 2 weeks ago | www.praetorian.com

ant application customers cve +21

MeshCentral Cross-Site Websocket Hijacking Vulnerability (CVE-2024-26135) 3 months, 1 week ago | www.praetorian.com

article can cross-site cswsh +17

Exploiting Kubernetes through Operator Injection 3 months, 3 weeks ago | www.praetorian.com

application applications attack attackers +20

Relution Remote Code Execution via Java Deserialization Vulnerability 4 months, 1 week ago | www.praetorian.com

application article can clients +26

Protected: Tensorflow Supply Chain Compromise via Self-Hosted Runner Attack 4 months, 3 weeks ago | www.praetorian.com

attack cd security ci compromise +5

Understanding the Impact of the new Apache Struts File Upload Vulnerability 5 months, 3 weeks ago | www.praetorian.com

abuse apache apache struts bug +23

SonicWall WXA – Authentication Bypass and Remote Code Execution Vulnerability 6 months ago | www.praetorian.com

authentication authentication bypass bypass code +19

Analyzing the SonicWall Custom Grub LUKS Encryption Modifications 6 months ago | www.praetorian.com

analysis application code code execution +17

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Senior Security Researcher - Linux MacOS EDR (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel

View on infosec-jobs.com

Sr. Manager, NetSec GTM Programs

@ Palo Alto Networks | Santa Clara, CA, United States

View on infosec-jobs.com

SOC Analyst I

@ Fortress Security Risk Management | Cleveland, OH, United States

View on infosec-jobs.com