Vulnerability Research
Our team discovers and responsibly discloses critical vulnerabilities in widely deployed software, helping protect millions of systems worldwide.
15+ CVEs Published
8 Critical Findings
10+ Vendors Notified
1M+ Systems Protected
Published CVEs
CVE-2023-36845 | Critical | CVSS 9.8 | 2023 | Juniper Networks Junos OS
Description
A PHP external variable modification vulnerability in the J-Web component of Juniper Networks Junos OS lets an unauthenticated, network-based attacker control certain PHP environment variables through a crafted request. Because those variables govern how the J-Web PHP runtime is configured, controlling them was shown to be enough for remote code execution on affected devices, both on its own and as part of the chain with the other J-Web flaws disclosed alongside it. Juniper's own advisory scored the issue 5.3; NVD rates it 9.8 Critical.
Impact
Affects SRX Series and EX Series devices running vulnerable Junos OS versions with J-Web enabled; Juniper's advisory lists the fixed releases. Exploited in the wild soon after disclosure and added to CISA's Known Exploited Vulnerabilities catalog.
CVE-2022-24990 | Critical | CVSS 9.8 | 2022 | TerraMaster NAS
Description
An information disclosure vulnerability in the TerraMaster TOS web API lets an unauthenticated attacker retrieve sensitive device data, including the admin password hash, with a single crafted request. On its own it is a credential leak; chained with other TOS flaws it leads to full device compromise and remote code execution.
Impact
Affects TerraMaster NAS devices running TOS 4.2.29 and earlier, many of them reachable from the internet. Combined with other flaws, it enables complete takeover of network-attached storage holding sensitive data, and it was later listed in CISA's Known Exploited Vulnerabilities catalog.
CVE-2022-46907 | High | CVSS 7.5 | 2022 | Apache JSPWiki
Description
A cross-site scripting (XSS) vulnerability in Apache JSPWiki lets an authenticated attacker who can submit crafted content through several of the wiki's plugins inject and execute arbitrary JavaScript in the browsers of other users who view the rendered page.
Impact
Affects Apache JSPWiki deployments before 2.12.0, enabling session hijacking, theft of data visible to the victim, and actions performed with the victim's privileges through crafted wiki content. Users should upgrade to 2.12.0 or later.
CVE-2022-44877 | Critical | CVSS 9.8 | 2022 | CentOS Web Panel (CWP7)
Description
An unauthenticated remote code execution vulnerability in CentOS Web Panel 7 (CWP7): the login page (login/index.php) builds an OS command from the login request parameter without sanitizing it, so shell metacharacters in that parameter execute arbitrary commands on the server before any credentials are checked.
Impact
Affects CWP7 versions before 0.9.8.1147. Actively exploited in the wild shortly after disclosure and listed in CISA's Known Exploited Vulnerabilities catalog; because the panel runs with root privileges, a successful attack gives root on web hosting servers that manage many customer domains.
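The bug class behind the CWP7 entry is OS command injection (CWE-78): untrusted request input is spliced into a command string that a shell then parses. The following is an added illustration written for this page in Python; it is not CWP's own PHP code, and the command being run (echo), the function names and the username allowlist are assumptions chosen to make the effect visible. It shows the vulnerable pattern beside the hardened one: validate against an allowlist, then invoke the program with an argument vector so no shell ever interprets the value.

```python
"""Constructed illustration of OS command injection (CWE-78) and its fix.
Not CWP's code: the command, names and allowlist below are assumptions."""
import re
import subprocess


def lookup_vulnerable(login: str) -> str:
    """Interpolates untrusted input into a shell command string.

    Hypothetical stand-in for whatever a login handler might run on the
    server. Because shell=True hands the string to /bin/sh, metacharacters
    in `login` (; | && $( ) ...) are interpreted as shell syntax.
    """
    cmd = f"echo {login}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


# Assumed allowlist for usernames: must not start with '-' so the value
# can never be parsed as an option by the program it is passed to.
LOGIN_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}")


def lookup_hardened(login: str) -> str:
    """Rejects anything outside the allowlist, then runs the program with an
    argv list. With no shell involved, the value is a single argument and
    metacharacters have no special meaning."""
    if not LOGIN_RE.fullmatch(login):
        raise ValueError("invalid login")
    return subprocess.run(["echo", login], capture_output=True, text=True).stdout


def rejected(login: str) -> bool:
    """True if the hardened handler refuses the input."""
    try:
        lookup_hardened(login)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed attacker inputs: a command separator and a command substitution.
    for payload in ("alice; echo INJECTED", "alice $(echo INJECTED)"):
        print(f"vulnerable({payload!r}) -> {lookup_vulnerable(payload)!r}")
        print(f"hardened rejects {payload!r}: {rejected(payload)}")
```

If a shell is unavoidable, shlex.quote() on each value is the fallback, but the allowlist plus argv form above is the fix that removes the bug class rather than escaping around it.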
CVE-2024-XXXXX | High | CVSS 7.8 | 2024 | MAMP Server
Description
Multiple security vulnerabilities discovered in MAMP, a popular local development environment (Apache, MySQL, PHP) for macOS and Windows. The flaws include local privilege escalation and arbitrary file access via the MAMP PRO interface.
Impact
Affects developers running MAMP for local development: a local attacker or malicious process on the same machine can gain elevated privileges and read files, including development credentials, that the environment exposes.
Responsible Disclosure
We follow a coordinated disclosure process, working with vendors to ensure patches are available before public disclosure. If you believe you have found a vulnerability in our infrastructure, please contact security@octagon.net.