Global Events Archives - Página 10 de 17

Error log displaying Java exception details.

Multiple Vulnerabilities Found in Spring

Por NSFOCUSPostou 10 de maio de 2018

Spring released security advisories on May 9 local time for fixing its multiple vulnerabilities, including a critical remote code execution vulnerability. Reference link: https://pivotal.io/security Vulnerability Description CVE-2018-1257 (High) Parts of Spring Framework versions allow application programs to use Spring message module to make public STOMP on WebSocket endpoint through simple memory...

Computer screen displaying colorful programming code.

Drupal Remote Code Execution Vulnerability

Por NSFOCUSPostou 30 de abril de 2018

Drupal released a security advisory on April 25 local time, saying a critical vulnerability (CVE-2018-7602) affected Drupal 7.x and 8.x. Attackers could exploit this vulnerability in many ways for remote code execution. Drupal says it correlates with the previous vulnerability CVE-2018-7600 and has been found exploited by attackers. NSFOCUS...

Terminal window showing Java command execution.

Oracle WebLogic Server RCE Deserialization Vulnerability Analysis

Por NSFOCUSPostou 20 de abril de 2018

On April 17th local time, Oracle released the critical patch update (CPU) advisory, which contains a fix for the high-risk WebLogic server deserialization vulnerability (CVE-2018-2628), via which attackers can remotely execute arbitrary code in an unauthorized manner. Reference link: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html Affected Versions WebLogic 10.3.6.0 WebLogic 12.1.3.0 WebLogic 12.2.1.2 WebLogic 12.2.1.3...

Local Privilege Escalation Vulnerability in Latest Ubuntu Server

Por NSFOCUSPostou 19 de março de 2018

The latest Ubuntu Server has exposed a local privilege escalation vulnerability (CVE-2017-16995). This vulnerability has been fixed in earlier versions but has resurfaced in the latest version. Attackers can directly gain root privileges through this vulnerability. Currently Ubuntu has not released the patch yet. Affected version: Currently we know:...

A doctor measuring a patient's blood pressure with a sphygmomanometer.

Remote Code Execution Vulnerability in ManageEngine Applications Manager 13.5

Por NSFOCUSPostou 14 de março de 2018

Recently, researchers discovered a serious remote code execution (RCE) vulnerability (CVE-2018-7890) in ManageEngine Applications Manager. Vulnerabilities originate from the publicly accessible testCredential.do endpoint, which can result in remote code execution when validating user-supplied credentials. At present, no official version has been released to fix this vulnerability. Reference links: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7890 https://www.securityfocus.com/bid/103358 https://pentest.blog/advisory-manageengine-applications-manager-remote-code-execution-sqli-and/...

Cloud Expo Asia and Data Centre World logos.

Cloud Expo Asia & Data Centre World 2018

Por NSFOCUSPostou 12 de março de 2018

Cloud Expo Asia & Data Centre World 2018 October 10-11, 2018 Marina Bay Sands, Singapore