ThinkPHP Remote Code Execution Vulnerability Handling Guide

December 17, 2018

Vulnerability Overview

Recently, ThinkPHP posted a blog announcing the release of an update that addresses a high-risk remote code execution (RCE) vulnerability. The vulnerability stems from the framework’s insufficient checks on controller names, which, when forced routing is not enabled, allow arbitrary code execution and potentially full access to the server. ThinkPHP is […]

ThinkPHP 5.x Remote Code Execution Vulnerability Threat Alert

December 13, 2018

Overview

Recently, ThinkPHP posted a blog announcing the release of an important update that addresses a critical vulnerability. This security update fixes a getShell vulnerability caused by the framework’s insufficient checks on controller names when forced routing is not enabled. The vulnerability, which affects ThinkPHP 5.0 and 5.1, is fixed in the latest version.

Adobe Flash Player 0-Day Vulnerabilities Threat Alert

December 11, 2018

Overview

On December 5, 2018, local time, Adobe released a security bulletin documenting the remediation of two vulnerabilities: a critical 0-day vulnerability (CVE-2018-15982) in Adobe Flash Player and an important vulnerability (CVE-2018-15983) in the Adobe Flash Player installer.

“WeChat Pay” Ransomware Analysis and Decryption Tool

December 10, 2018

Risk Overview

Recently, over 20,000 PCs in China have fallen victim to the WeChat Pay ransomware. Files on the affected devices are encrypted by the ransomware. To regain access to the files, users are asked to scan a WeChat QR code that appears in a pop-up window and pay 110 yuan (about $16) in ransom. WeChat’s operator has since suspended the use of this QR code. The ransomware also steals passwords to popular platforms including Alipay, Baidu Cloud, internet company NetEase’s 163 email service, Tencent’s instant messaging platform QQ, Taobao, Tmall, and JD.com.

Adobe Flash Player Remote Code Execution Vulnerability Threat Alert

November 23, 2018

Overview

On November 20, 2018, local time, Adobe released a security advisory documenting the remediation of a critical vulnerability in Adobe Flash Player. Successful exploitation of this vulnerability could allow attackers to remotely execute arbitrary code.

Adobe September 2018 Security Updates Threat Alert

November 19, 2018

Overview

On November 13, local time, Adobe officially released security bulletins and advisories to announce the remediation of multiple vulnerabilities in such products as Adobe Flash Player, Adobe Acrobat and Reader, and Adobe Photoshop CC.

Apache Struts2 Commons FileUpload Deserialization Remote Code Execution Vulnerability (CVE-2016-100031) Threat Alert

November 16, 2018

Vulnerability Overview

Recently, the Apache Software Foundation (ASF) released a security advisory strongly advising users of Apache Struts 2.3.x to upgrade the Apache Commons FileUpload component. Struts 2.3.x, by default, uses version 1.3.2 of the Commons FileUpload component. In early 2016, version 1.3.2 of this component was disclosed to contain a deserialization vulnerability (CVE-2016-100031) which could result in arbitrary code execution.

Commons is a Java subproject of ASF, and FileUpload is a Commons subproject for handling HTTP file uploads. The Commons FileUpload component is mainly used to help developers implement web file upload functionality.

VMware Virtual Machine Escape Vulnerabilities (CVE-2018-6981 and CVE-2018-6982) Threat Alert

November 15, 2018

Overview

Recently, VMware released a security advisory documenting the remediation of two critical vulnerabilities (CVE-2018-6981 and CVE-2018-6982) in VMware ESXi, Workstation, and Fusion. The two vulnerabilities were disclosed by Chaitin Tech, a Chinese cybersecurity firm, at the international hacking contest GeekPwn2018.

AVEVA InduSoft Web Studio and InTouch Edge HMI Critical Vulnerabilities Threat Alert

November 14, 2018

Overview

Recently, AVEVA released a security bulletin to announce the remediation of two critical vulnerabilities in industrial software.

CVE-2018-17916 is a stack overflow vulnerability that can be triggered by sending a crafted packet, leading to remote code execution by an unauthorized user.

CVE-2018-17914 stems from an empty password in the configuration file. An unauthorized attacker could exploit this vulnerability to remotely execute code with the same privileges as the affected software.

Multiple Cisco Vulnerabilities Threat Alert

November 6, 2018

Overview

Recently, Cisco released an official security advisory announcing fixes for multiple high-risk vulnerabilities, which could lead to denial of service or remote code execution.