Overview On January 22, 2019, local time, security researcher Max Justicz announced his discovery of a remote code execution (RCE) vulnerability in Linux apt/apt-get. This vulnerability stems from the APT's failure to properly handle certain parameters involved in HTTP redirects. It can be triggered via a man-in-the-middle attack or a...
Category: Emergency Response
Oracle January 2019 Critical Patch Update Security Advisory for All Product Families
Overview On January 15, 2019, local time, Oracle released its own security advisory and third-party security advisories for its January 2019 Critical Patch Update (CPU) which fix 284 vulnerabilities of varying severity levels across the product families. For details about affected products and available patches, see the appendix. (more…)
ThinkPHP 5.0-5.0.23, 5.1.0-5.1.31, and 5.2.* Remote Code Execution Vulnerability Handling Guide
1 Vulnerability Overview Recently, ThinkPHP 5.0-5.0.23 was found to have a remote code execution (RCE) vulnerability. The NSFOCUS Falcon Team carried out tests and found that ThinkPHP 5.0-5.0.23, 5.1.0-5.1.31, and 5.2.* were also prone to this vulnerability, which could be triggered in both Linux and Windows systems. (more…)
ThinkPHP 5.0.* Remote Code Execution Vulnerability Handling Guide
1 Vulnerability Overview Recently, ThinkPHP 5.0.* is prone to a remote code execution vulnerability that has been officially fixed. All related users should stay wary and take precautions as soon as possible. (more…)
ThinkPHP 5 Remote Code Execution Vulnerability Threat Alert
Overview On January 11, ThinkPHP addressed a remote code execution vulnerability. This vulnerability stems from the Request class's (thinkphp/library/think/Request.php) lack of sufficient input validation when handling requests, which finally leads to remote code execution. (more…)
Microsoft’s January 2019 Patch Fixes 51 Security Vulnerabilities Threat Alert
Overview Microsoft released the January 2019 security patch on Tuesday that fixes 51 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Framework, Adobe Flash Player, Android App, ASP.NET, Internet Explorer, Microsoft Edge, Microsoft Exchange Server, Microsoft JET Database Engine, Microsoft Office, Microsoft Office...
