UNDER ATTACK? CALL US

Category: Global Events

Multiple Vulnerabilities Found in Spring

By NSFOCUSPosted

Spring released security advisories on May 9 local time for fixing its multiple vulnerabilities, including a critical remote code execution vulnerability. Reference link: https://pivotal.io/security  Vulnerability Description CVE-2018-1257 (High) Parts of Spring Framework versions allow application programs to use Spring message module to make public STOMP on WebSocket endpoint through simple memory...

Drupal Remote Code Execution Vulnerability

By NSFOCUSPosted

  Drupal released a security advisory on April 25 local time, saying a critical vulnerability (CVE-2018-7602) affected Drupal 7.x and 8.x. Attackers could exploit this vulnerability in many ways for remote code execution. Drupal says it correlates with the previous vulnerability CVE-2018-7600 and has been found exploited by attackers. NSFOCUS...

Oracle WebLogic Server RCE Deserialization Vulnerability Analysis

By NSFOCUSPosted

On April 17th local time, Oracle released the critical patch update (CPU) advisory, which contains a fix for the high-risk WebLogic server deserialization vulnerability (CVE-2018-2628), via which attackers can remotely execute arbitrary code in an unauthorized manner. Reference link: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html Affected Versions WebLogic 10.3.6.0 WebLogic 12.1.3.0 WebLogic 12.2.1.2 WebLogic 12.2.1.3...

Local Privilege Escalation Vulnerability in Latest Ubuntu Server

By NSFOCUSPosted

  The latest Ubuntu Server has exposed a local privilege escalation vulnerability (CVE-2017-16995). This vulnerability has been fixed in earlier versions but has resurfaced in the latest version. Attackers can directly gain root privileges through this vulnerability. Currently Ubuntu has not released the patch yet. Affected version: Currently we know:...

Remote Code Execution Vulnerability in ManageEngine Applications Manager 13.5

By NSFOCUSPosted

Recently, researchers discovered a serious remote code execution (RCE) vulnerability (CVE-2018-7890) in ManageEngine Applications Manager. Vulnerabilities originate from the publicly accessible testCredential.do endpoint, which can result in remote code execution when validating user-supplied credentials. At present, no official version has been released to fix this vulnerability. Reference links: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7890 https://www.securityfocus.com/bid/103358 https://pentest.blog/advisory-manageengine-applications-manager-remote-code-execution-sqli-and/...

NSFOCUS
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.