Categoria: Blog

A critical vulnerability in Davolink DVW-3200N was disclosed on July 31. CVE-2018-10618 has been assigned to this vulnerability and the CVSS v3 base score is 9.8. This device generates a weak password hash that is easy to crack, allowing a remote attacker to gain access to the device. Reference: https://ics-cert.us-cert.gov/advisories/ICSA-18-212-01...

  Oracle Critical Patch Update (CPU) Advisory was released on July 17. In this advisory, Oracle addressed a Weblogic deserialization problem (CVE-2018-2628) that disclosed in April but not completely fixed. The new CVE ID for the Weblogic vulnerability this time is CVE-2018-2893. Basic Scores (CVSS Version 3.0 Risk)：9.8 You can...

Cisco released an advisory on July 18 to alert users about a critical vulnerability (CVE-2018-0375) in its Cluster Manager of Cisco Policy Suite. This vulnerability could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials. The vulnerability...

Recently MODX announced two critical vulnerabilities (CVE-2018-1000207) in MODX Revolution 2.6.4 and earlier versions.  A remote attacker could use the vulnerabilities to execute arbitrary code and further to control the website or delete files. Reference: https://forums.modx.com/thread/104040/revolution-2-6-4-and-prior-two-cricital-vulnerabilities-upgrade-mandatory-patch#dis-post-559515 Affected Versions MODX Revolution <= 2.6.4 Unaffected Versions  Modx Revolution >= 2.6.5 Solution Users are...

Overview Drupal released a security advisory on 28 March 2018 to disclose a remote execution code (RCE) vulnerability in the Drupal core, sa-core-2018-002 (CVE-2018-7600). Soon, two more security advisories were also published within a month, including a Cross-Site Scripting (XSS) vulnerability and a critical code execution vulnerability — sa-core-2018-004 (CVE-2018-7602)....