ZeroQlik: Achieving Unauthenticated Remote Code Execution via HTTP Request Tunneling and Path Traversal | allinfosecnews.com

Aug. 31, 2023, 1:03 p.m. | Emmaline

Blog - Praetorian www.praetorian.com

Overview In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations. Recently, we decided to take a look at Qlik Sense Enterprise, a data analytics solution similar to Tableau. The recent exploitation of vulnerabilities in the […]

The post ZeroQlik: Achieving Unauthenticated Remote Code Execution via HTTP Request Tunneling and Path Traversal appeared first on Praetorian.

analytics code code execution customers cve data data analytics enterprise http impact labs organizations path path traversal proactive qlik qlik sense remote code remote code execution request research safeguard security solution tunneling unauthenticated vulnerabilities vulnerability vulnerability research zero-day zero-day vulnerabilities

More from www.praetorian.com / Blog - Praetorian

Local Privilege Escalation Vulnerability in Ant Media Server (CVE-2024-32656) 3 weeks, 2 days ago | www.praetorian.com

ant application customers cve +21

MeshCentral Cross-Site Websocket Hijacking Vulnerability (CVE-2024-26135) 2 months, 3 weeks ago | www.praetorian.com

article can cross-site cswsh +17

Exploiting Kubernetes through Operator Injection 3 months ago | www.praetorian.com

application applications attack attackers +20

Relution Remote Code Execution via Java Deserialization Vulnerability 3 months, 2 weeks ago | www.praetorian.com

application article can clients +26

Protected: Tensorflow Supply Chain Compromise via Self-Hosted Runner Attack 4 months ago | www.praetorian.com

attack cd security ci compromise +5

Understanding the Impact of the new Apache Struts File Upload Vulnerability 5 months, 1 week ago | www.praetorian.com

abuse apache apache struts bug +23

SonicWall WXA – Authentication Bypass and Remote Code Execution Vulnerability 5 months, 1 week ago | www.praetorian.com

authentication authentication bypass bypass code +19

Analyzing the SonicWall Custom Grub LUKS Encryption Modifications 5 months, 2 weeks ago | www.praetorian.com

analysis application code code execution +17

Why Azure B2C ROPC Custom Flows Are Inherently Insecure 5 months, 3 weeks ago | www.praetorian.com

active directory administrators api authentication +23

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Security Operations Vice President - Content Developer

@ JPMorgan Chase & Co. | Jersey City, NJ, United States

View on infosec-jobs.com

Computer and Forensics Investigator

@ ManTech | 221BQ - Cstmr Site,Springfield,VA

View on infosec-jobs.com

Senior Security Analyst

@ Oracle | United States

View on infosec-jobs.com