CVE-2023-40044, CVE-2023-42657: Progress Software Patches Multiple Vulnerabilities in WS_FTP Server


</p> <p><strong>Progress Software patches multiple flaws in its WS_FTP Server product, including a pair of critical flaws, one with a maximum CVSS rating of 10</strong></p> <h2>Background</h2> <p>On September 27, Progress Software <a href="https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023"><u>published an advisory</u></a> for WinSock File Transfer Protocol or <a href="https://www.ipswitch.com/ftp-server"><u>WS_FTP Server</u></a>, a secure file transfer solution, addressing eight vulnerabilities. Of the eight vulnerabilities, two are rated as critical:</p> <div class="table-responsive"> <table class="table"> <thead> <tr> <th><strong>CVE</strong></th> <th><strong>Description</strong></th> <th><strong>Vendor Assigned CVSSv3</strong></th> <th><strong>VPR*</strong></th> <th><strong>Severity</strong></th> </tr> </thead> <tbody> <tr> <td><a href="https://www.tenable.com/cve/CVE-2023-40044"><u>CVE-2023-40044</u></a></td> <td>WS_FTP .NET Deserialization Vulnerability in Ad Hoc Transfer Module</td> <td>10.0</td> <td>9.2</td> <td>Critical</td> </tr> <tr> <td><a href="https://www.tenable.com/cve/CVE-2023-42657"><u>CVE-2023-42657</u></a></td> <td>WS_FTP Directory Traversal Vulnerability</td> <td>9.9</td> <td>7.1</td> <td>Critical</td> </tr> </tbody> </table> </div> <p><i>*Please note: Tenable’s</i> <a href="https://www.tenable.com/blog/what-is-vpr-and-how-is-it-different-from-cvss"><i><u>Vulnerability Priority Rating</u></i></a> <i>(VPR) scores are calculated nightly. This blog post was published on October 2 and reflects VPR at that time.</i></p> <p>The remaining six vulnerabilities include three high-rated and three medium-rated vulnerabilities:</p> <div class="table-responsive"> <table class="table"> <thead> <tr> <th><strong>CVE</strong></th> <th><strong>Description</strong></th> <th><strong>Vendor Assigned CVSSv3</strong></th> <th><strong>Severity</strong></th> </tr> </thead> <tbody> <tr> <td><a href="https://www.tenable.com/cve/CVE-2023-40045"><u>CVE-2023-40045</u></a></td> <td>WS_FTP Reflected Cross-Site Scripting (XSS) Vulnerability</td> <td>8.3</td> <td>High</td> </tr> <tr> <td><a href="https://www.tenable.com/cve/CVE-2023-40046"><u>CVE-2023-40046</u></a></td> <td>WS_FTP SQL Injection Vulnerability</td> <td>8.2</td> <td>High</td> </tr> <tr> <td><a href="https://www.tenable.com/cve/CVE-2023-40047"><u>CVE-2023-40047</u></a></td> <td>WS_FTP Stored XSS Vulnerability</td> <td>8.3</td> <td>High</td> </tr> <tr> <td><a href="https://www.tenable.com/cve/CVE-2023-40048"><u>CVE-2023-40048</u></a></td> <td>WS_FTP Cross-Site Request Forgery Vulnerability</td> <td>6.8</td> <td>Medium</td> </tr> <tr> <td><a href="https://www.tenable.com/cve/CVE-2022-27665"><u>CVE-2022-27665</u></a></td> <td>WS_FTP Reflected XSS Vulnerability</td> <td>6.1</td> <td>Medium</td> </tr> <tr> <td><a href="https://www.tenable.com/cve/CVE-2023-40049"><u>CVE-2023-40049</u></a></td> <td>WS_FTP Information Disclosure Vulnerability</td> <td>5.3</td> <td>Medium</td> </tr> </tbody> </table> </div> <h2>Analysis</h2> <p>CVE-2023-40044 is a.NET deserialization vulnerability in the <a href="https://www.ipswitch.com/ftp-server/ad-hoc"><u>Ad Hoc Transfer module</u></a> of WS_FTP. An unauthenticated (or pre-authenticated) attacker could exploit this vulnerability by sending a specially crafted POST request to a vulnerable WS_FTP Server. Successful exploitation would grant an attacker the ability to achieve remote command execution on the underlying operating system of the WS_FTP Server.</p> <p>CVE-2023-42657 is a directory (or path) traversal vulnerability in WS_FTP. An authenticated, remote attacker could exploit this vulnerability to access and modify files (deleting, renaming) and folders (creating, deleting) in paths outside of authorized WS_FTP folders, as well as paths on the underlying operating system.</p> <p><strong>Concerns due to exploitation of critical flaw in Progress Software’s MOVEit Transfer</strong></p> <p>In late May, a zero-day vulnerability in Progress Software’s MOVEit Transfer secure managed file transfer (MFT) software <a href="https://www.tenable.com/blog/cve-2023-34362-moveit-transfer-critical-zero-day-vulnerability-exploited-in-the-wild"><u>was exploited by the CL0P ransomware group</u></a> and has resulted in the compromise of over 2,000 organizations according to <a href="https://www.emsisoft.com/en/blog/44123/unpacking-the-moveit-breach-statistics-and-analysis/"><u>researchers at Emsisoft</u></a>.</p> <p>Because of the past exploitation of a file transfer solution from Progress Software, there is notable concern surrounding the discovery of these flaws in WS_FTP. However, based on <a href="https://censys.com/cve-2023-40044/"><u>research from Censys</u></a>, there aren’t many publicly accessible WS_FTP servers with the Ad Hoc Transfer Module enabled. However, this does not mean that attackers will not target those that do have this module enabled.</p> <p><strong>Reports of in-the-wild exploitation following publication of proof-of-concept</strong></p> <p>On September 29, an exploit writer and researcher known as “MCKSys Argentina” <a href="https://twitter.com/MCKSysAr/status/1707855204647899194"><u>posted</u></a> details of a proof-of-concept (PoC) for CVE-2023-40044 on X (formerly known as Twitter), which includes screenshots of an HTTP POST request to a vulnerable WS_FTP Server that includes a generated deserialization payload using ysoserial.net:</p> <blockquote class="twitter-tweet" data-dnt="true"> <p dir="ltr" lang="en" xml:lang="en">Here is (are) the pic(s) PoC for CVE-2023-40044 (2 for those who need a bit more of info, like me!). <a href="https://t.co/Vm1xXS7k8g">https://t.co/Vm1xXS7k8g</a> <a href="https://t.co/i8ZkhxmHza">pic.twitter.com/i8ZkhxmHza</a></p> <p>— MCKSys Argentina (@MCKSysAr) <a href="https://twitter.com/MCKSysAr/status/1707855204647899194?ref_src=twsrc%5Etfw">September 29, 2023</a></p></blockquote> <p>MCKSys Argentina <a href="https://twitter.com/MCKSysAr/status/1669344764553236490"><u>also discovered a zero-day in MOVEit Transfer in June</u></a>, identified as <a href="https://www.tenable.com/cve/CVE-2023-35708"><u>CVE-2023-35708</u></a>.</p> <p>On September 30, <a href="https://www.theregister.com/2023/10/02/ws_ftp_update/"><u>reports</u></a> emerged that exploitation of CVE-2023-40044 had been observed in the wild.</p> <p><strong>Researchers credited with discovery share additional details</strong></p> <p>Shubham Shah, co-founder and CTO of Assetnote, one of the two researchers credited with finding CVE-2023-40044, <a href="https://twitter.com/infosec_au/status/1707521498091856230"><u>posted</u></a> that a write-up for this flaw would be shared 30 days following the release of a patch or if exploit details became available before then.</p> <blockquote class="twitter-tweet" data-dnt="true"> <p dir="ltr" lang="en" xml:lang="en">The <a href="https://twitter.com/assetnote?ref_src=twsrc%5Etfw">@assetnote</a> team recently discovered a pre-auth RCE in Progress WS_FTP, adivsory here:<a href="https://t.co/ZP1t4zfBZv">https://t.co/ZP1t4zfBZv</a></p> <p>We’re planning on writing up this issue after 30 days since patch release, or if details of the exploit are publicly released.</p> <p>— shubs (@infosec_au) <a href="https://twitter.com/infosec_au/status/1707521498091856230?ref_src=twsrc%5Etfw">September 28, 2023</a></p></blockquote> <p>On September 30, Shah and his team <a href="https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044"><u>published a blog post</u></a> detailing the discovery of the flaw along with <a href="https://www.assetnote.io/resources/research/advisory-progress-ws-ftp-rce-cve-2023-40044"><u>its own advisory</u></a>.</p> <h2>Proof of concept</h2> <p>As noted above, a PoC for CVE-2023-40044 was shared on X on September 29.</p> <h2>Solution</h2> <p>Progress Software has released the following fixed versions of WS_FTP Server 2020 and 2022:</p> <p>Customers are strongly encouraged to apply the patches as soon as possible.</p> <p>For CVE-2023-40044, if patching is not feasible at this time, Progress Software suggests <a href="https://community.progress.com/s/article/Removing-or-Disabling-the-WS-FTP-Server-Ad-hoc-Transfer-Module"><u>removing or disabling the Ad Hoc Transfer module</u></a> if it has been enabled to mitigate the risk of exploitation.</p> <h2>Identifying affected systems</h2> <p>A list of Tenable plugins to identify these vulnerabilities will appear <a href="https://www.tenable.com/plugins/search?q=cves%3A%28%22CVE-2023-40044%22+OR+%22CVE-2023-42657%22+OR+%22CVE-2023-40045%22+OR+%22CVE-2023-40046%22+OR+%22CVE-2023-40047%22+OR+%22CVE-2023-40048%22+OR+%22CVE-2022-27665%22+OR+%22CVE-2023-40049%22%29&sort=&page=1"><u>here</u></a> as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear as it is released.</p> <p>Additionally, customers can use <a href="https://www.tenable.com/plugins/nessus/40770"><u>Plugin ID 40770</u></a>, our WS_FTP Server Version Detection, to identify WS_FTP assets. Please note that this plugin requires <a href="https://docs.tenable.com/vulnerability-management/Content/Scans/Credentials.htm"><u>credentials</u></a> in order to return version information for assets.</p> <h3>Get more information</h3> <p><b><i>Join <a href="https://community.tenable.com/s/group/0F9f2000000fyxyCAA/cyber-exposure-alerts">Tenable’s Security Response Team</a> on the Tenable Community.</i></b></p> <p><b><i>Learn more about <a href="https://www.tenable.com/products/tenable-one"><u>Tenable One</u></a>, the Exposure Management Platform for the modern attack surface.</i></b></p> </div> <p><script async src="//platform.twitter.com/widgets.js" charset="utf-8"></script><br /> <br /><br /> <br /><a href="https://www.tenable.com/blog/cve-2023-40044-cve-2023-42657-progress-software-patches-multiple-vulnerabilities-in-ws-ftp">Source link </a></p> </div><!-- .entry-content --> <footer class="entry-footer"> <span class="cat-links"> Posted in <a href="https://unifiedguru.com/category/rss_virtulization/" rel="category tag">RSS_Virtulization</a> </span> </footer><!-- .entry-footer --> </article><!-- #post-## --> <nav class="navigation post-navigation" aria-label="Posts"> <h2 class="screen-reader-text">Post navigation</h2> <div class="nav-links"><div class="nav-previous"><a href="https://unifiedguru.com/whats-next-for-vmware-at-google-cloud-next-london-2/" rel="prev">What’s Next for VMware at Google Cloud Next London</a></div><div class="nav-next"><a href="https://unifiedguru.com/ciscos-digital-impact-office-powers-digital-inclusion-across-the-globe/" rel="next">Cisco’s Digital Impact Office powers digital inclusion across the globe</a></div></div> </nav> </main><!-- #main --> </div><!-- #primary --> <div id="secondary-right" class="widget-area secondary-sidebar f-right clearfix" role="complementary"> <div id="sidebar-section-top" class="widget-area sidebar clearfix"> <aside id="newsletterwidget-10" class="widget widget_newsletterwidget"><h3 class="widget-title"><span>Subscribe For Updates</span></h3><div class="tnp tnp-subscription tnp-widget"> <form method="post" action="https://unifiedguru.com/wp-admin/admin-ajax.php?action=tnp&na=s"> <input type="hidden" name="nr" value="widget"> <input type="hidden" name="nlang" value=""> <div class="tnp-field tnp-field-firstname"><label for="tnp-1">Name</label> <input class="tnp-name" type="text" name="nn" id="tnp-1" value="" placeholder=""></div> <div class="tnp-field tnp-field-email"><label for="tnp-2">Email</label> <input class="tnp-email" type="email" name="ne" id="tnp-2" value="" placeholder="" required></div> <div class="tnp-field tnp-privacy-field"><label><input type="checkbox" name="ny" required class="tnp-privacy"> Subscribing I accept the privacy rules of this site</label></div><div class="tnp-field tnp-field-button" style="text-align: left"><input class="tnp-submit" type="submit" value="Subscribe Now For Updates" style=""> </div> </form> </div> </aside> </div> <div id="sidebar-section-cat-one" class="widget-area sidebar clearfix"> <div class="widget"> <h2 class="block-title"><span class="bordertitle-red"></span>VMWARE</h2> <div class="featured-post-sidebar"> <figure class="post-thumb clearfix"> <a href="https://unifiedguru.com/helping-public-sector-organisations-define-cloud-strategy/" title="Helping Public Sector Organisations Define Cloud Strategy" ><img post-id="1207" fifu-featured="1" src="https://simoncranney.files.wordpress.com/2019/10/cropped-network.jpeg?w=200" alt="Helping Public Sector Organisations Define Cloud Strategy" title="Helping Public Sector Organisations Define Cloud Strategy" title="Helping Public Sector Organisations Define Cloud Strategy" /></a> </figure> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>October 29, 2020</div> <h3><a href="https://unifiedguru.com/helping-public-sector-organisations-define-cloud-strategy/" title="Helping Public Sector Organisations Define Cloud Strategy" >Helping Public Sector Organisations Define Cloud Strategy</a></h3> <p class="side-excerpt">Introduction Cloud computing services have grown exponentially in</p> </div> </div> <div class="featured-post-sidebar"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>May 18, 2016</div> <h3><a href="https://unifiedguru.com/how-to-change-the-vlan-id-of-the-service-console-in-esx-from-the-command-lineconsole/" title="How to change the VLAN ID of the Service Console in ESX from the command line/console" >How to change the VLAN ID of the Service Console in ESX from the command line/console</a></h3> </div> </div> <div class="featured-post-sidebar"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>June 09, 2015</div> <h3><a href="https://unifiedguru.com/cisco-ucs-and-vmware-interfaces-vnics-ha-design-considerations/" title="Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations" >Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations</a></h3> </div> </div> <div class="featured-post-sidebar"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>June 07, 2015</div> <h3><a href="https://unifiedguru.com/troubleshooting-network-and-tcpudp-port-connectivity-issues-on-esxesxi2020669/" title="Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)" >Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)</a></h3> </div> </div> <div class="featured-post-sidebar"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>May 12, 2015</div> <h3><a href="https://unifiedguru.com/vsphere-client-parameters/" title="vSphere Client Parameters" >vSphere Client Parameters</a></h3> </div> </div> <div class="view-all-link"><a href="https://unifiedguru.com/category/vmware/" title="View All">View All</a></div> </div> </div> <div id="sidebar-section-cat-two" class="widget-area sidebar clearfix"> <div class="widget"> <h2 class="block-title"><span class="bordertitle-red"></span>Configuration Templates</h2> <div class="featured-post-sidebar clearfix"> <figure class="post-thumb clearfix"> </figure> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>February 16, 2015</div> <h3><a href="https://unifiedguru.com/cue-licenses/" title="CUE Licenses" >CUE Licenses</a></h3> <p class="side-excerpt">Note: Useful LINK COPIED FROM OTHER SOURCE FOR REFERENCE INTRODUCTION</p> </div> </div> <div class="featured-post-sidebar clearfix"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>February 02, 2015</div> <h3><a href="https://unifiedguru.com/trouble-shooting-unity-express-with-call-manager-integeration-operational-issues/" title="Trouble shooting Unity Express with Call Manager Integeration & Operational Issues" >Trouble shooting Unity Express with Call Manager Integeration & Operational Issues</a></h3> </div> </div> <div class="featured-post-sidebar clearfix"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>November 08, 2014</div> <h3><a href="https://unifiedguru.com/%ef%bb%bfcme-configuration-example-sip-trunks-to-viatalk-and-voip-ms/" title="CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms" >CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms</a></h3> </div> </div> <div class="featured-post-sidebar clearfix"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>November 08, 2014</div> <h3><a href="https://unifiedguru.com/sip-phone-registration-cme-configuration/" title="SIP Phone registration – CME Configuration" >SIP Phone registration – CME Configuration</a></h3> </div> </div> <div class="featured-post-sidebar clearfix"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>November 08, 2014</div> <h3><a href="https://unifiedguru.com/cue-voicemail-vpim-networking-cue-to-unity/" title="CUE Voicemail + VPIM networking (CUE to unity)" >CUE Voicemail + VPIM networking (CUE to unity)</a></h3> </div> </div> <div class="view-all-link"><a href="https://unifiedguru.com/category/configuration-templates/" title="View All">View All</a></div> </div> </div> </div> </div><!-- #content --> </div><!-- content-wrapper--> <footer id="colophon" class="site-footer clearrfix" role="contentinfo"> <div class="wrapper footer-wrapper clearfix"> <div class="top-bottom clearfix"> <div id="footer-top"> </div><!-- #foter-top --> <div id="footer-bottom"> </div><!-- #foter-bottom --> </div><!-- top-bottom--> <div class="footer-copyright border t-center"> <p> Copyright 2016. All rights reserved </p> <div class="site-info"> <a href="https://wordpress.org/">Proudly powered by WordPress</a> <span class="sep"> | </span> Profitmag by <a href="http://rigorousthemes.com/" rel="designer">Rigorous Themes</a> </div><!-- .site-info --> </div> </div><!-- footer-wrapper--> </footer><!-- #colophon --> </div><!-- #page --> <div class="a2a_kit a2a_kit_size_32 a2a_floating_style a2a_default_style" style="bottom:0px;left:0px;background-color:#23d5db"><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2023-40044-cve-2023-42657-progress-software-patches-multiple-vulnerabilities-in-ws_ftp-server%2F&linkname=CVE-2023-40044%2C%20CVE-2023-42657%3A%20Progress%20Software%20Patches%20Multiple%20Vulnerabilities%20in%20WS_FTP%20Server" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2023-40044-cve-2023-42657-progress-software-patches-multiple-vulnerabilities-in-ws_ftp-server%2F&linkname=CVE-2023-40044%2C%20CVE-2023-42657%3A%20Progress%20Software%20Patches%20Multiple%20Vulnerabilities%20in%20WS_FTP%20Server" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_pinterest" href="https://www.addtoany.com/add_to/pinterest?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2023-40044-cve-2023-42657-progress-software-patches-multiple-vulnerabilities-in-ws_ftp-server%2F&linkname=CVE-2023-40044%2C%20CVE-2023-42657%3A%20Progress%20Software%20Patches%20Multiple%20Vulnerabilities%20in%20WS_FTP%20Server" title="Pinterest" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2023-40044-cve-2023-42657-progress-software-patches-multiple-vulnerabilities-in-ws_ftp-server%2F&linkname=CVE-2023-40044%2C%20CVE-2023-42657%3A%20Progress%20Software%20Patches%20Multiple%20Vulnerabilities%20in%20WS_FTP%20Server" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_whatsapp" href="https://www.addtoany.com/add_to/whatsapp?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2023-40044-cve-2023-42657-progress-software-patches-multiple-vulnerabilities-in-ws_ftp-server%2F&linkname=CVE-2023-40044%2C%20CVE-2023-42657%3A%20Progress%20Software%20Patches%20Multiple%20Vulnerabilities%20in%20WS_FTP%20Server" title="WhatsApp" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_print" href="https://www.addtoany.com/add_to/print?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2023-40044-cve-2023-42657-progress-software-patches-multiple-vulnerabilities-in-ws_ftp-server%2F&linkname=CVE-2023-40044%2C%20CVE-2023-42657%3A%20Progress%20Software%20Patches%20Multiple%20Vulnerabilities%20in%20WS_FTP%20Server" title="Print" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_google_gmail" href="https://www.addtoany.com/add_to/google_gmail?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2023-40044-cve-2023-42657-progress-software-patches-multiple-vulnerabilities-in-ws_ftp-server%2F&linkname=CVE-2023-40044%2C%20CVE-2023-42657%3A%20Progress%20Software%20Patches%20Multiple%20Vulnerabilities%20in%20WS_FTP%20Server" title="Gmail" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div><div class="mb_supershare_holder"> <div id="openModal" class="mb_supershare_modalDialog"> <div style="background:url(https://unifiedguru.com/wp-content/plugins/super-share/img/struckaxiom.png) repeat;"> <div class="mb_supershare_ribbon"><div class="mb_supershare_ribbon-stitches-top"></div><strong class="mb_supershare_ribbon-content"><span style="font-size: 24px; line-height: 2;"> Love This Article? Spread It. </span></strong><div class="mb_supershare_ribbon-stitches-bottom"></div></div> <div class="mb_supershare_close">X</div> <!-- facebook need this script --> <div id="fb-root"></div> <script>(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_US/all.js#xfbml=1"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk'));</script> <div class="social_icons_style" style="width:320px; margin-left:25px; margin-top:20px; margin 0 auto; overflow:visible"> <ul> <li style="overflow:hidden; width: 49px;"> <!-- facebook like button --> <div class="fb-like" data-href="https://unifiedguru.com:443/cve-2023-40044-cve-2023-42657-progress-software-patches-multiple-vulnerabilities-in-ws_ftp-server/" data-width="450" data-height="The pixel height of the plugin" data-colorscheme="light" data-layout="box_count" data-action="like" data-show-faces="false" data-send="false"></div> </li> <li> <!-- G+ button --> <!-- Place this tag where you want the +1 button to render. --> <div class="g-plusone" data-size="tall" data-href=""></div> <!-- Place this tag after the last +1 button tag. --> <script type="text/javascript"> (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })(); </script> </li> <li> <!-- Twitter button --> <a href="https://twitter.com/share" class="twitter-share-button" data-url="" data-via="" data-lang="en" data-related="anywhereTheJavascriptAPI" data-count="vertical">Tweet</a> <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="https://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script> </li> <li> <!-- Linkedin button --> <script src="//platform.linkedin.com/in.js" type="text/javascript"></script> <script type="IN/Share" data-url="" data-counter="top"></script> </li> <li> <!-- StumbleUpon button --> <!-- Place this tag where you want the su badge to render --> <su:badge layout="5" location=""> </su:badge> <!-- Place this snippet wherever appropriate --> <script type="text/javascript"> (function() { var li = document.createElement('script'); li.type = 'text/javascript'; li.async = true; li.src = ('https:' == document.location.protocol ? 'https:' : 'http:') + '//platform.stumbleupon.com/1/widgets.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(li, s); })(); </script> </li> </ul> </div> </div> <!--DIV--> </div> <!--modalDialog--> </div> <!--mb_supershare_holder--> <script> jQuery(document).ready(function($) { $is_closed="no"; jQuery(document).scroll(function() { if(jQuery('article').length){ //For typical wordpress templates $afterpost = jQuery("article").position().top + jQuery("article").height()-(jQuery("article").height()/3); } else { //For Thesis framework $afterpost = jQuery(".content").position().top + jQuery(".post_box").height()-(jQuery(".post_box").height()/3); } if(jQuery(window).scrollTop() >= $afterpost && $is_closed=="no"){ jQuery(".mb_supershare_modalDialog").css({"display":"block"}); jQuery(".mb_supershare_modalDialog").animate({opacity:"1"},1000); } else{ jQuery(".mb_supershare_modalDialog").css({"display":"none"}); } }); jQuery(".mb_supershare_close").bind("click", function() { jQuery(".mb_supershare_modalDialog").fadeOut("slow"); $is_closed="yes"; setTimeout(function() { jQuery(".mb_supershare_modalDialog").css({"display":"none"}); }, 2000); }); }); </script> <script type='text/javascript'> const lazyloadRunObserver = () => { const lazyloadBackgrounds = document.querySelectorAll( `.e-con.e-parent:not(.e-lazyloaded)` ); const lazyloadBackgroundObserver = new IntersectionObserver( ( entries ) => { entries.forEach( ( entry ) => { if ( entry.isIntersecting ) { let lazyloadBackground = entry.target; if( lazyloadBackground ) { lazyloadBackground.classList.add( 'e-lazyloaded' ); } lazyloadBackgroundObserver.unobserve( entry.target ); } }); }, { rootMargin: '200px 0px 200px 0px' } ); lazyloadBackgrounds.forEach( ( lazyloadBackground ) => { lazyloadBackgroundObserver.observe( lazyloadBackground ); } ); }; const events = [ 'DOMContentLoaded', 'elementor/lazyload/observe', ]; events.forEach( ( event ) => { document.addEventListener( event, lazyloadRunObserver ); } ); </script> <script type="text/javascript" src="https://unifiedguru.com/wp-includes/js/dist/hooks.min.js?ver=2810c76e705dd1a53b18" id="wp-hooks-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6" id="wp-i18n-js"></script> <script type="text/javascript" id="wp-i18n-js-after"> /* <![CDATA[ */ wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ 'ltr' ] } ); /* ]]> */ </script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=6.0" id="swv-js"></script> <script type="text/javascript" id="contact-form-7-js-before"> /* <![CDATA[ */ var wpcf7 = { "api": { "root": "https:\/\/unifiedguru.com\/wp-json\/", "namespace": "contact-form-7\/v1" } }; /* ]]> */ </script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.0" id="contact-form-7-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/jquery.bxslider.js?ver=6.6.2" id="bxslider-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/jquery.ticker.js?ver=6.6.2" id="ticker-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/jquery.mCustomScrollbar.min.js?ver=1.0.0" id="mCustomScrollbar-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/jquery.mousewheel.min.js?ver=2.0.19" id="mousewheel-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/navigation.js?ver=20120206" id="profitmag-navigation-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/keyboard-navigation.js?ver=20120206" id="profitmag-keyboard-navigation-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/custom.js?ver=1.0" id="profitmag-custom-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/jail.js?ver=5.4.1" id="jail-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/jquery-mousewheel/jquery.mousewheel.min.js?ver=3.0.6" id="scrolling-js-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/jquery.easing.1.3.js?ver=1.3" id="jquery-easing-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/slidedeck.jquery.js?ver=1.4.1" id="slidedeck-library-js-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/slidedeck-public.js?ver=5.4.1" id="slidedeck-public-js"></script> <script type="text/javascript" src="https://platform.twitter.com/widgets.js?ver=1316526300" id="twitter-intent-api-js"></script> <script type="text/javascript" id="fifu-json-ld-js-extra"> /* <![CDATA[ */ var fifuJsonLd = {"url":"https:\/\/www.tenable.com\/sites\/default\/files\/styles\/640x360\/public\/images\/articles\/blog-tenable-research-advisory-medium-vulnerability-exploited.jpg?itok=JUHTEzRm"}; /* ]]> */ </script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/featured-image-from-url/includes/html/js/json-ld.js?ver=4.9.4" id="fifu-json-ld-js"></script> <script type="text/javascript"> var slideDeck2URLPath = "https://unifiedguru.com/wp-content/plugins/slidedeck"; var slideDeck2iframeByDefault = false; </script> </body> </html>