NEProfile - Host Header Injection

Posted by ghost on Aug 25

Exploit Title: NEProfile – Host Header Injection
Date: 5/13/2020
Vendor Homepage: https://seczetta.com
Software Link: https://seczetta.com/product/ne-profile
Version: 3.3.11
Tested on: 3.3.11
Exploit Author: Josh Sheppard & Bryan Clements
Exploit Contact: ghost () a t undervurse dot_com & mavr1ck2020 a t protonmail dot_com
Exploit Technique: Remote
CVE ID: CVE-2020-12855

1. Description

A host header injection vulnerability has been…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

NEProfile – Host Header Injection

Original Source

CISA: Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation

CISA: CISA Releases Four Industrial Control Systems Advisories

CISA: JCDC’s Industry-Government Collaboration Speeds Mitigation of CrowdStrike IT Outage

CISA: CISA Releases Three Industrial Control Systems Advisories

CISA: Foreign Threat Actor Conducting Large-Scale Spearphishing Campaign with RDP Attachments

Original Source

You may have missed

CISA: Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation

CISA: CISA Releases Four Industrial Control Systems Advisories

CISA: JCDC’s Industry-Government Collaboration Speeds Mitigation of CrowdStrike IT Outage

CISA: CISA Releases Three Industrial Control Systems Advisories

CISA: Foreign Threat Actor Conducting Large-Scale Spearphishing Campaign with RDP Attachments