Vulnerability Description On September 18, 2019, IBM officially released a security bulletin, disclosing an arbitrary file read vulnerability (CVE-2019-4505) in WebSphere (web service deployment middleware), which allows remote attackers to read sensitive files on the server via a crafted URL. This could result in attackers viewing any files in a...
Category: Emergency Response
phpStudy Backdoor Event Threat Alert
Event Overview The Hangzhou Municipal Bureau of Public Security mentioned in its press release "Hangzhou Police Reports Work on Cracking Down on Cybercrimes and Achievements in the Cyberspace Cleanup Campaign 2019", released on September 20, 2019, that the phpStudy version released in 2016 was maliciously planted with a backdoor and...
phpMyAdmin Cross-Site Request Forgery Vulnerability (CVE-2019-12922) Threat Alert
Vulnerability Description phpMyAdmin is a free, open-source tool for administering MySQL and MariaDB. It is widely used to manage databases of websites created with WordPress, Joomla, and other content management platforms.
Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-1297) Threat Alert
Overview Microsoft released security updates for September that address a remote code execution vulnerability (CVE-2019-1297) in Microsoft Excel. This vulnerability exists in Microsoft Excel when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current...
Weaver E-cology OA System Remote Code Execution Vulnerability Threat Alert
Vulnerability Description On September 19, 2019, the Weaver e-cology OA system was reported to contain a remote code execution vulnerability. This vulnerability exists in the BeanShell component of the Weaver OA system. This component comes with the system and allows unauthorized access. Attackers could exploit this vulnerability to directly execute...
Fastjson 1.2.60 and Earlier Remote Code Execution Vulnerability Threat Alert
1 Vulnerability Description On September 18, a security researcher submitted Fastjson remediation code on Alibaba's official GitHub to prevent new exploits of the Fastjson deserialization remote code execution vulnerability. An attacker could exploit this vulnerability to remotely execute malicious code to compromise the server.




