Following Apple’s March release of patches, Trend Micro reported two of the discovered vulnerabilities. Left unpatched, these macOS flaws can be used by attackers in escalating admin privileges to access restricted information or open systems to attacks.Read More
CVE-2019-0232 is a vulnerability in Apache Tomcat that could allow attackers to execute arbitrary commands by abusing an operating system command injection brought about by a Tomcat CGI Servlet input validation error.Read More
A critical remote code execution (RCE) vulnerability (CVE-2019-7238) was found in Sonatype’s Nexus Repository Manager (NXRM) 3, an open source project that allows developers, such as DevOps professionals, to manage software components required for software development, application deployment, and automated hardware provisioning.Read More
On February 19, 2019, Simon Scannell of RIPS Technologies published his findings on core vulnerabilities in WordPress that can lead to remote code execution (RCE). These have been assigned as CVE-2019-8942 and CVE-2019-8943. In a nutshell, these security flaws, when successfully exploited, could enable attackers with at least author privileges to execute hypertext preprocessor (PHP) code and gain full system control. Affected versions of WordPress include versions 5 (prior to 5.0.1) and 4 (prior to 4.9.9). The vulnerabilities have also been disclosed to WordPress’ security team.
This blog post expounds the technical details of the vulnerabilities, specifically, how a potential attack could look like and the parameters that are added to take advantage of a vulnerable WordPress site.Read More
The Apache Struts framework is useful for building modern Java-based web applications, with two major versions, Apache Struts 1 and Apache Struts 2, released so far. Support for Apache Struts 1 ended in 2008 with the adoption of Apache Struts 2, which reached its first full release at the start of 2007. A Struts 1 plugin is available that allows developer to use existing Struts 1 Actions and ActionForms in Struts 2 web applications. A vulnerability has been found in this plugin that could allow remote code execution on the affected server, if used with Struts 2.3.x. (Versions 2.5.x are not affected.)Read More