Overview Recently, Oracle fixed two high-risk vulnerabilities in WebLogic (CVE-2019-2890 and CVE-2019-2891) in its October critical patch update. References: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Blog
IP Reputation Report-10272019
Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses in the NSFOCUS IP Reputation databases as of October 27, 2019.
Cybersecurity Insights-2
Key Findings Finding 1: The interval between disclosure of a vulnerability and its successful exploitation was shortened to hours, posing the greatest challenge to traditional security operations.
Php-fpm Remote Code Execution Vulnerability (CVE-2019-11043) Threat Alert
Overview Recently, security researchers have published a vulnerability in php-fpm (CVE-2019-11043) that could lead to remote code execution in certain Nginx configurations. The vulnerability exists in the file sapi/fpm/fpm/fpm_main.c (https://github.com/php/php-src/blob/master/sapi/fpm/fpm/fpm_main.c#L1140), which assumes the prefix of env_path_info is equal to the path of the PHP script, but in fact the code does...
Weaver E-cology OA System SQL Injection Vulnerability Threat Alert
Vulnerability Description On October 10, 2019, the national information security vulnerability sharing platform of China (CNVD) announced a SQL injection vulnerability (CNVD-2019-34241) in the Weaver e-cology OA system. When the workflowcentertreedata interface of the Weaver e-cology OA system uses the Oracle database, due to the loose splicing of the built-in...
Microsoft Released October Patches to Fix 61 Security Vulnerabilities
Overview Microsoft released the October security update patch on Tuesday, fixing 61 security issues ranging from simple spoofing attacks to remote code execution. Products include Azure, Internet Explorer, Microsoft Browsers, Microsoft Devices, Microsoft Dynamics, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft...





