Emergency Response Archives - Página 78 de 90

Apache Tomcat Remote Code Execution Vulnerability (CVE-2019-0232) Threat Alert

Por NSFOCUSPostou 26 de abril de 2019

Overview On April 10, local time, Apache Software Foundation officially released a security advisory, announcing the fix of a remote code execution vulnerability (CVE-2019-0232). The Java Runtime Environment (JRE), when running on a Windows system with enableCmdLineArguments enabled, passes command-line parameters to Windows in an incorrect manner. This leads to...

Siemens Multiple Products Vulnerabilities Threat Alert

Por NSFOCUSPostou 25 de abril de 2019

Overview On April 9, local time, Siemens officially released a security advisory, announcing the fix of vulnerabilities of different risk levels in a spectrum of products such as SIMATIC WinCC Open Architecture (SIMATIC WinCC OA), Spectrum Power, and RUGGEDCOM RXO II. Of all these vulnerabilities, two have a CVSS v3.0...

Digital shield with binary code and circuits.

Confluence SSRF and Remote Code Execution Vulnerability Handling Guide

Por NSFOCUSPostou 22 de abril de 2019

1 Vulnerability Overview Recently, Atlassian officially released a security bulletin, announcing a server-side request forgery (SSRF) vulnerability and a remote code execution vulnerability (CVE-2019-3396). The two vulnerabilities respectively reside in WebDAV and Widget Connector and could be exploited by an attacker for remote code execution and server-side request forgery. (mais…)

Apache Axis Remote Code Execution Vulnerability (CVE-2019-0227) Threat Alert

Por NSFOCUSPostou 19 de abril de 2019

Overview The default service StockQuoteService.jws in Axis contains a hard-coded HTTP URL, which can be used to trigger an HTTP request. An attacker can conduct a man-in-the-middle (MITM) attack by taking control of a domain (www.xmltoday.com) or performing ARP poisoning against the targeted Axis server, and then redirect the HTTP...

Highlighted code snippet with MultipartRequestWrapper.

Microsoft’s April 2019 Patches Fix 76 Vulnerabilities Threat Alert

Por NSFOCUSPostou 18 de abril de 2019

Overview Microsoft released April 2019 security patches on Tuesday that fix 76 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Core, Adobe Flash Player, CSRSS, Microsoft Browsers, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office...

Adobe Security Advisory for April Security Updates

Por NSFOCUSPostou 15 de abril de 2019

Overview On April 9, local time, Adobe officially released April security updates which fix multiple vulnerabilities in such products as Adobe Flash Player, Shockwave Player, Dreamweaver, XD CC, InDesign, Experience Manager Forms, and Bridge CC. (mais…)