Security Blog: Cybersecurity knowledge and tools from the Praetorian team.
Labs (CVE)

Advisory: Qlik Original Fix for CVE-2023-41265 Vulnerable to RCE
by Adam Crosser, September 20, 2023

Overview: On August 29th, 2023, Qlik issued a patch for two vulnerabilities we identified in Qlik Sense Enterprise, CVE-2023-41265 and CVE-2023-41266. These vulnerabilities allowed unauthenticated remote code execution via path traversal and HTTP request tunneling. As part of our standard operating procedure, we performed a diff of the issued patch to identify potential bypasses […]