all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Technical Advisory: Adobe ColdFusion WDDX Deserialization Gadgets

Add to bookmarks
Nov. 21, 2023, 9 a.m. | McCaulay Hudson

NCC Group Research Blog research.nccgroup.com

Multiple vulnerabilities identified in Adobe ColdFusion allow an unauthenticated attacker to obtain the service account NTLM password hash, verify the existence of a file or directory on the underlying operating system, and configure central config server settings.

account adobe adobe coldfusion advisory attacker coldfusion deserialization directory file gadgets hash ntlm operating system password server service service account settings system technical technical advisories technical advisory unauthenticated verify vulnerabilities vulnerability research

Visit resource

More from research.nccgroup.com / NCC Group Research Blog

Sifting through the spines: identifying (potential) Cactus ransomware victims 6 days, 19 hours ago | research.nccgroup.com
access blog cactus cactus ransomware +17
Public Report – Confidential Mode for Hyperdisk – DEK Protection Analysis 2 weeks, 5 days ago | research.nccgroup.com
analysis architecture confidential data +19
Non-Deterministic Nature of Prompt Injection 2 weeks, 5 days ago | research.nccgroup.com
attack easy explained exploiting +10
Technical Advisory – Ollama DNS Rebinding Attack (CVE-2024-28224) 3 weeks, 2 days ago | research.nccgroup.com
access advisory api attack +24
Public Report – Google Privacy Sandbox Aggregation Service and Coordinator 1 month ago | research.nccgroup.com
aggregation companies google google privacy sandbox +16
Android Malware Vultur Expands Its Wingspan 1 month ago | research.nccgroup.com
android android banking malware android malware authors +18
LTair: The LTE Air Interface Tool 1 month, 2 weeks ago | research.nccgroup.com
air attacks blog blog post +14
The Development of a Telco Attack Testing Tool 1 month, 2 weeks ago | research.nccgroup.com
attack blog challenges development +13
Public Report – AWS Nitro System API & Security Claims Italian 1 month, 3 weeks ago | research.nccgroup.com
amazon amazon web services api apis +21

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Azure DevSecOps Cloud Engineer II

@ Prudent Technology | McLean, VA, USA
View on infosec-jobs.com

Security Engineer III - Python, AWS

@ JPMorgan Chase & Co. | Bengaluru, Karnataka, India
View on infosec-jobs.com

SOC Analyst (Threat Hunter)

@ NCS | Singapore, Singapore
View on infosec-jobs.com

Managed Services Information Security Manager

@ NTT DATA | Sydney, Australia
View on infosec-jobs.com

Senior Security Engineer (Remote)

@ Mattermost | United Kingdom
View on infosec-jobs.com

Penetration Tester (Part Time & Remote)

@ TestPros | United States - Remote
View on infosec-jobs.com
View more jobs