Tag

#perimeter

3 posts tagged #perimeter.

Analysis · May 20, 2026 · operations-desk

Shitrix: the Citrix bug that taught everyone how fast a perimeter RCE goes from PoC to pandemic

CVE-2019-19781, 'Shitrix,' was a path-traversal RCE in Citrix NetScaler. After disclosure with no patch, a public exploit dropped and mass exploitation followed within days. It set the template for the NetScaler-as-target story that CitrixBleed later continued.
Analysis · May 20, 2026 · operations-desk

Fortinet's other products take their turn: FortiWeb, FortiManager, FortiClient EMS

Beyond the long-running FortiOS auth-bypass cycle, 2025-2026 brought a wave of exploited bugs in FortiWeb, FortiManager, and FortiClient EMS, SQL injection, path traversal, auth bypass, and a format-string RCE. Same vendor, same perimeter-and-management target profile.
Analysis · May 20, 2026 · operations-desk

Palo Alto GlobalProtect CVE-2019-1579: another VPN gateway, another pre-auth RCE

CVE-2019-1579 was a pre-authentication remote code execution in Palo Alto's GlobalProtect SSL-VPN. It's one more entry in the longest-running story in this catalog: the SSL-VPN gateway as a perennial, pre-auth-RCE-prone perimeter target.