NSFOCUS, Author at NSFOCUS - Página 227 de 273

Weblogic Remote Code Execution Vulnerability

Por NSFOCUSPostou 31 de julho de 2018

Oracle Critical Patch Update (CPU) Advisory was released on July 17. In this advisory, Oracle addressed a Weblogic deserialization problem (CVE-2018-2628) that disclosed in April but not completely fixed. The new CVE ID for the Weblogic vulnerability this time is CVE-2018-2893. Basic Scores (CVSS Version 3.0 Risk)：9.8 You can...

Cisco Policy Suite Cluster Manager Default Password Vulnerability

Por NSFOCUSPostou 31 de julho de 2018

Cisco released an advisory on July 18 to alert users about a critical vulnerability (CVE-2018-0375) in its Cluster Manager of Cisco Policy Suite. This vulnerability could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials. The vulnerability...

MODX Revolution Remote Code Execution Vulnerability

Por NSFOCUSPostou 20 de julho de 2018

Recently MODX announced two critical vulnerabilities (CVE-2018-1000207) in MODX Revolution 2.6.4 and earlier versions. A remote attacker could use the vulnerabilities to execute arbitrary code and further to control the website or delete files. Reference: https://forums.modx.com/thread/104040/revolution-2-6-4-and-prior-two-cricital-vulnerabilities-upgrade-mandatory-patch#dis-post-559515 Affected Versions MODX Revolution <= 2.6.4 Unaffected Versions  Modx Revolution >= 2.6.5 Solution Users are...

XXE Vulnerability in WeChat Payment

Por NSFOCUSPostou 9 de julho de 2018

The website Seclists.Org disclosed a vulnerability in WeChat Pay on 3 July 2018. It was found by a payment security researcher, who described that WeChat unintentionally provides an xxe vulnerability in the JAVA version SDK when merchants provide a notification URL to accept asynchronous payment results. The attacker can build...

Arbitrary File Deletion Vulnerability in WordPress Core

Por NSFOCUSPostou 28 de junho de 2018

RIPS Technologies (www. www.ripstech.com/) published an arbitrary file deletion vulnerability in the WordPress core on 26 June 2018. Any WordPress version including the current version is affected. After an attacker gains the privileges to edit and delete media files, the vulnerability can be used to escalate privileges attained through the...

Line graph of NSFOCUS database entry changes.

NSFOCUS Weekly Cybersecurity Report

Por NSFOCUSPostou 20 de junho de 2018

(Report ID: 201824) Internet Threat Status CVE Statistics Last week we saw a slight increase in the total entries of CVE IDs. Threat Review New 'Lazy FP State Restore' Vulnerability Found in All Modern Intel CPUs Date: 06-13-2018 Description: Hell Yeah! Another security vulnerability has been discovered in Intel...