Vulnerability Description: On February 3, the Django Software Foundation (DSF) released a security bulletin announcing the fix for a SQL injection vulnerability (CVE-2020-7471) that is exploited via a StringAgg delimiter. An attacker could break escaping and inject malicious SQL statements by passing a crafted delimiter to the aggregation function contrib.postgres.aggregates.StringAgg.
IP Reputation Report-02232020
Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases as of February 23, 2020.
Microsoft Multiple Products Critical Vulnerabilities Threat Alert
Vulnerability Description: On February 12, 2020, Microsoft released its February security update, which fixed 100 security issues, including critical vulnerabilities like privilege escalation and remote code execution, found in Internet Explorer, Microsoft Edge, Microsoft Exchange Server, Microsoft Office, and other widely used applications.
Apache Dubbo Deserialization Vulnerability (CVE-2019-17564) Threat Alert
Overview: Recently, researchers from the Checkmarx team discovered and released a deserialization vulnerability (CVE-2019-17564) in Apache Dubbo. Apache Dubbo is a high-performance Java RPC framework. This vulnerability exists in Dubbo applications that have the HTTP protocol enabled for communication. An attacker could exploit this vulnerability by submitting a POST...
Adobe Security Bulletins for February 2020 Security Updates Threat Alert
Overview: On February 11, 2020, local time, Adobe officially released February's security updates to fix multiple vulnerabilities in its various products, including Adobe Experience Manager, Adobe Digital Editions, Adobe Flash Player, Adobe Acrobat and Reader, and Adobe Framemaker.
Microsoft’s Security Bulletin for February 2020 Patches That Fix 100 Security Vulnerabilities Threat Alert
Overview: On Tuesday, Microsoft released the February 2020 security patches, which fix 100 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including Adobe Flash Player, Internet Explorer, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Malware Protection Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft...





