all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2023-36934: Progress Software MOVEit Transfer SQL Injection Remote Code Execution Vulnerability

Add to bookmarks
July 20, 2023, 3:55 p.m. | Trend Micro Research Team

Zero Day Initiative - Blog www.zerodayinitiative.com

In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Guy Lederfein and Lucas Miller of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in Progress MOVEit Transfer. This bug was originally discovered by Trend Micro Vulnerability Researcher Guy Lederfein and is the same type of vulnerability being used by the Cl0p ransomware gang to exfiltrate data. A crafted request can trigger the execution of SQL queries composed from a user-supplied string. An …

blog post bug code code execution cve cve-2023-36934 injection micro miller moveit moveit transfer progress progress software remote code remote code execution report research researcher service software sql sql injection team transfer trend trend micro vulnerability vulnerability research

Visit resource

More from www.zerodayinitiative.com / Zero Day Initiative - Blog

CVE-2024-2887: A Pwn2Own Winning Bug in Google Chrome 54 minutes ago | www.zerodayinitiative.com
blog blog post browsers bug +20
CVE-2024-20697: Windows Libarchive Remote Code Execution Vulnerability 2 weeks, 1 day ago | www.zerodayinitiative.com
amp blog post bug code +25
The April 2024 Security Updates Review 3 weeks, 1 day ago | www.zerodayinitiative.com
adobe april blog post can +12
Pwn2Own Vancouver 2024 - Day Two Results 1 month, 1 week ago | www.zerodayinitiative.com
blog post chrome edge event +10
Pwn2Own Vancouver 2024 - Day One Results 1 month, 1 week ago | www.zerodayinitiative.com
blog blog post browser day one +11
Pwn2Own Vancouver 2024 - The Full Schedule 1 month, 1 week ago | www.zerodayinitiative.com
blog post
The March 2024 Security Update Review 1 month, 2 weeks ago | www.zerodayinitiative.com
adobe blog post can check +14
CVE-2023-36049: Microsoft .NET CRLF Injection Arbitrary File Write/Deletion Vulnerability 1 month, 3 weeks ago | www.zerodayinitiative.com
arbitrary file write blog post bug crlf injection +26
The February 2024 Security Update Review 2 months, 2 weeks ago | www.zerodayinitiative.com
adobe blog post february latest +11

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Principal Business Value Consultant

@ Palo Alto Networks | Chicago, IL, United States
View on infosec-jobs.com

Cybersecurity Specialist, Sr. (Container Hardening)

@ Rackner | San Antonio, TX
View on infosec-jobs.com

Penetration Testing Engineer- Remote United States

@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700
View on infosec-jobs.com

Internal Audit- Compliance & Legal Audit-Dallas-Associate

@ Goldman Sachs | Dallas, Texas, United States
View on infosec-jobs.com

Threat Responder

@ Deepwatch | Remote
View on infosec-jobs.com
View more jobs