[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Jetro Cockpit Secure Browsing vulnerability - remote code execution on all enterprise workstations simultaneously

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Jetro Cockpit Secure Browsing vulnerability - remote code execution on all enterprise workstations simultaneously
From: Ronen Z <ronen@xxxxxxxxx>
Date: Sun, 2 Feb 2014 23:45:30 +0200

A critical vulnerability was discovered in Jetro Cockpit Secure Browsing, a
popular enterprise secure browsing solution.

The vulnerability allows simultaneous remote code execution into all the
enterprise workstations using the product. The vulnerability is unique in
that it breaks the basic value proposition of the security product in which
it is found.

Full disclosure and details here:
http://blog.quaji.com/2014/02/remote-code-execution-on-all-enterprise.html

Ronen Zilberman

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [SECURITY] [DSA 2851-1] drupal6 security update
Next by Date: [Full-disclosure] pMap v1.10
Previous by thread: [Full-disclosure] [SECURITY] [DSA 2851-1] drupal6 security update
Next by thread: [Full-disclosure] pMap v1.10
Index(es):
- Date
- Thread