The website Seclists.Org disclosed a vulnerability in WeChat Pay on 3 July 2018. It was found by a payment security researcher, who described that WeChat unintentionally provides an xxe vulnerability in the JAVA version SDK when merchants provide a notification URL to accept asynchronous payment results. The attacker can build...
Category: Global Events
Arbitrary File Deletion Vulnerability in WordPress Core
RIPS Technologies (www. www.ripstech.com/) published an arbitrary file deletion vulnerability in the WordPress core on 26 June 2018. Any WordPress version including the current version is affected. After an attacker gains the privileges to edit and delete media files, the vulnerability can be used to escalate privileges attained through the...
Zip Slip Vulnerability Advisory
On 5th June 2018 Snyk Security team disclosed a Zip Slip vulnerability, which could result in potential command execution using a specially crafted archive that holds directory traversal filenames . Reference: https://snyk.io/research/zip-slip-vulnerability Description Attackers could use a specially crafted archive holding directory traversal filenames (e.g. ../../evil.sh) to trigger this vulnerability....
Cisco IOS XE AAA RCE Vulnerability
Cisco released an advisory on 6th June for a critical vulnerability (CVE-2018-0315) in its Authentication, Authorization, and Accounting Login Authentication service. It could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service condition....
Code Execution Vulnerability in Red Hat DHCP Client Script
Red Hat released a security advisory on May 15 for fixing a critical vulnerability (CVE-2018-1111)in the DHCP Client. An attacker on local network could use a malicious DHCP server or a spoofed DHCP response to execute arbitrary command with root privileges on systems using NetworkManager which is configured to...
Adobe Fixed Nearly 50 Vulnerabilities in Acrobat and Reader
Adobe released updates on Monday for 47 vulnerabilities in its Acrobat and reader, including critical ones that allow information leakage and arbitrary code execution. Category Impact Severity CVE# Double Free Arbitrary Code Execution Critical CVE-2018-4990 Heap Overflow Arbitrary Code Execution Critical CVE-2018-4947, CVE-2018-4948, CVE-2018-4966, CVE-2018-4968, CVE-2018-4978, CVE-2018-4982, CVE-2018-4984 Use-after-free Arbitrary Code Execution Critical...
