Tag: adobe
-
Adobe Warns of ColdFusion Vulnerability Allows Attackers Read arbitrary files
Adobe has issued a critical security update for ColdFusion versions 2023 and 2021 to address a major vulnerability that could lead to an arbitrary file system read. The identified vulnerability, CVE-2024-53961, has a known proof-of-concept exploit, making the updates crucial for users. This release underscores Adobe’s commitment to ensuring the security and integrity of its…
-
Adobe ColdFusion Any File Read Vulnerability (CVE-2024-53961)
Overview: Recently, NSFOCUS CERT detected that Adobe issued a security announcement and fixed any file read vulnerability in Adobe ColdFusion (CVE-2024-53961). Due to improper restrictions on pathnames in Adobe ColdFusion, unauthenticated attackers can bypass the application’s restrictions to read files or directories outside of the restricted directory. As a result, sensitive information may be disclosed… The…
-
MSSP Market Update: Adobe Issues Emergency Security Update
First seen on scworld.com Jump to article: www.scworld.com/news/mssp-market-update-adobe-issues-emergency-security-update
-
Adobe is aware that ColdFusion bug CVE-2024-53961 has a known PoC exploit code
Adobe released out-of-band security updates to address a critical ColdFusion vulnerability, experts warn of a PoC exploit code available for it. Adobe released out-of-band security updates to address a critical vulnerability, tracked as CVE-2024-53961 (CVSS score 7.4), in ColdFusion. Experts warn of the availability of a proof-of-concept (PoC) exploit code for this vulnerability. The vulnerability is an…
-
Adobe Patches ColdFusion Flaw at High Risk of Exploitation
Adobe has released patches for a high-severity ColdFusion vulnerability for which proof-of-concept (PoC) code exists. The post Adobe Patches ColdFusion Flaw at High Risk of Exploitation appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/adobe-patches-coldfusion-flaw-at-high-risk-of-exploitation/
-
FYSA Adobe Cold Fusion Path Traversal Vulnerability
Summary: Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized… First seen on securityintelligence.com Jump to article: securityintelligence.com/news/fysa-adobe-cold-fusion-path-traversal-vulnerability/
-
Adobe warns of critical ColdFusion bug with PoC exploit code
Adobe has released out-of-band security updates to address a critical ColdFusion vulnerability with proof-of-concept exploit code. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/adobe-warns-of-critical-coldfusion-bug-with-poc-exploit-code/
-
CISA warnings: Vulnerabilities in Windows Kernel, Cleo, etc.
The US cybersecurity agency CISA has added further entries to its vulnerability catalog. It warns of the Adobe ColdFusion vulnerability CVE-2024-20767, the Windows kernel vulnerability CVE-2024-35250, and vulnerabilities in the Cleo software. The vulnerabilities are known to be exploited. I recently … the warning … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/12/20/cisa-warn-vor-windows-kernel-schwachstellen-cve-2024-20767-cve-2024-35250/
-
Acrobat out-of-bounds and Foxit use-after-free PDF reader vulnerabilities found
Cisco Talos’ Vulnerability Research team recently disclosed three out-of-bounds read vulnerabilities in Adobe Acrobat Reader, and two use-after-free vulnerabilities in Foxit Reader. These vulnerabilities exist in Adobe Acrobat Reader and Foxit Reader, two of the most popular and feature-rich PDF readers on the market. The vulnerabilities First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/acrobat-out-of-bounds-and-foxit-use-after-free-pdf-reader-vulnerabilities-found/
-
CISA Warns of Exploited Adobe ColdFusion, Windows Vulnerabilities
CISA has warned organizations that two vulnerabilities affecting Adobe ColdFusion and Windows have been exploited in the wild. The post CISA Warns of Exploited Adobe ColdFusion, Windows Vulnerabilities appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisa-warns-of-exploited-adobe-coldfusion-windows-vulnerabilities/
-
U.S. CISA adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog
Tags: access, adobe, cisa, control, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windows
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference (CVE-2024-35250) and Adobe ColdFusion Improper Access Control (CVE-2024-20767) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The…
-
CISA Warns of Adobe Windows Kernel Driver Vulnerabilities Exploited in Attacks
Tags: access, adobe, attack, cisa, control, cve, cyber, cybersecurity, exploit, infrastructure, kev, malicious, risk, vulnerability, windows
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert, adding two significant vulnerabilities to its Known Exploited Vulnerabilities Catalog. These vulnerabilities, actively exploited by malicious actors, underscore the growing risks facing organizations. Adobe ColdFusion Access Control Weakness (CVE-2024-20767): One of the newly added vulnerabilities, CVE-2024-20767, affects Adobe ColdFusion due to improper access…
-
CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign
Tags: access, adobe, cisa, control, cve, cybersecurity, exploit, flaw, infrastructure, kev, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of flaws is below: CVE-2024-20767 (CVSS score: 7.4) – Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or…
-
Microsoft closes 2024 with extensive security update
Adobe, too. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-patch-tuesday-december-2024/
-
Adobe Patches Over 160 Vulnerabilities Across 16 Products
Adobe has patched over 160 vulnerabilities across over a dozen products, including Reader, Illustrator, Photoshop and Connect. The post Adobe Patches Over 160 Vulnerabilities Across 16 Products appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/adobe-patches-over-160-vulnerabilities-across-16-products/
-
SAP fixed critical SSRF flaw in NetWeaver’s Adobe Document Services
SAP has issued patches for 16 vulnerabilities, including a critical SSRF flaw in NetWeaver’s Adobe Document Services. SAP addressed 16 vulnerabilities as part of its December 2024 Security Patch Day. The company released nine new and four updated security notes. The most severe of these vulnerabilities is a critical issue, tracked as CVE-2024-47578 (CVSS score…
-
Critical SAP Vulnerabilities Let Attackers Upload Malicious PDF Files
SAP has issued Security Note 3536965 to address multiple high-severity vulnerabilities in the Adobe Document Services of SAP NetWeaver AS for JAVA. These vulnerabilities, identified as CVE-2024-47578, CVE-2024-47579, and CVE-2024-47580, allow attackers to manipulate or upload malicious PDF files, potentially compromising internal systems and exposing sensitive data. Details of the Vulnerabilities: CVE-2024-47578: Server-Side Request Forgery (SSRF). This flaw allows attackers with administrative privileges to send specially crafted…
-
Adobe Patch Day: Malicious-code attacks possible on After Effects & Co.
Various Adobe applications are vulnerable. Security updates close several vulnerabilities. First seen on heise.de Jump to article: www.heise.de/news/Patchday-Adobe-Schadcode-Attacken-auf-After-Effects-Co-moeglich-10029714.html
-
Patch Tuesday: Critical Flaws in Adobe Commerce, Photoshop, InDesign, Illustrator
Adobe patches critical-severity bugs in multiple products, including the Adobe Commerce and Magento Open Source platforms. The post Patch Tuesday: Critical Flaws in Adobe Commerce, Photoshop, InDesign, Illustrator appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/patch-tuesday-critical-flaws-in-adobe-commerce-photoshop-indesign-illustrator/
-
Infostealer SYS01 – Malvertising campaign targets Facebook, Office 365 and Adobe
First seen on security-insider.de Jump to article: www.security-insider.de/-malware-sys01-bedroht-nutzerkonten-malvertising-kampagne-a-fc49b3a71bf60ce9b54c463aa49ac482/
-
Adobe Patch Day: Nine products with security vulnerabilities
Tags: adobe
First seen on heise.de Jump to article: www.heise.de/news/Adobe-Patchday-Neun-Produkte-mit-Sicherheitsluecken-9974474.html
-
Unlocking Proactive Compliance with Adobe’s Common Controls Framework
TechSpective Podcast Episode 141 I had the pleasure of speaking with Devansh Sharma, Senior Security and Compliance Product Owner at Adobe, about a ga… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/unlocking-proactive-compliance-with-adobes-common-controls-framework/
-
Adobe Security Alert: Update Software Now to Protect Against Exploits
Adobe announced a series of important security updates aimed at addressing several vulnerabilities across its product suite. These vulnerabilities cou… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/adobe-security-update/
-
Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit
Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a securit… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/alert-adobe-commerce-and-magento-stores.html
-
CosmicSting attack on Adobe Commerce – Thousands of online shops running Adobe Commerce hacked
Tags: adobe
First seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsluecke-adobe-commerce-cosmicsting-angriffe-a-9abddaace30c0bb9430f24ef256467b8/
-
Thousands of Adobe Commerce e-stores hacked by exploiting the CosmicSting bug
Over 4,000 unpatched Adobe Commerce and Magento stores have been compromised by exploiting critical vulnerability CVE-2024-34102. Sansec researchers r… First seen on securityaffairs.com Jump to article: securityaffairs.com/169316/cyber-crime/4000-unpatched-adobe-commerce-and-magento-stores-hacked.html
-
CosmicSting Attacks Hit Adobe Commerce, Magento Stores
First seen on scworld.com Jump to article: www.scworld.com/brief/cosmicsting-attacks-hit-adobe-commerce-magento-stores
-
Widespread CosmicSting attacks hit Adobe Commerce, Magento stores
First seen on scworld.com Jump to article: www.scworld.com/brief/widespread-cosmicsting-attacks-hit-adobe-commerce-magento-stores

