Tag: rce
-
Week in review: Atlassian Confluence RCE PoC, new Kali Linux, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: High-risk Atlassian Confluence RCE fixed, PoC availa… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/06/09/week-in-review-atlassian-confluence-rce-poc-new-kali-linux-patch-tuesday-forecast/
-
PHP updates urged over critical vulnerability that could lead to RCE
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/php-updates-urged-over-critical-vulnerability-that-could-lead-to-rce
-
Alleged RCE Vulnerability Threatens Subdomains of Italian Ministry of Defence
A threat actor known as spr1ngtr4p has purportedly advertised a Remote Code Execution (RCE) vulnerability affecting a subdomain of Italy’s Ministry of… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/rce-vulnerability-italian-ministry-of-defence/
-
Understanding the RCE Vulnerabilities in WordPress Plugins
Imagine handing over the controls of your website to someone you don’t trust that’s the risk of RCE vulnerabilities in WordPress. Attackers can modi… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/understanding-the-rce-vulnerabilities-in-wordpress-plugins/
-
PHP fixes critical RCE flaw impacting all versions for Windows
A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/php-fixes-critical-rce-flaw-impacting-all-versions-for-windows/
-
Zyxel addressed three RCEs in endlife NAS devices
Zyxel Networks released an emergency security update to address critical vulnerabilities in end-of-life NAS devices. Zyxel Networks released an emerge… First seen on securityaffairs.com Jump to article: securityaffairs.com/164150/security/zyxel-rce-eof-nas-devices.html
-
Exploit for Fortinet Critical RCE Bug Allows SIEM Root Access
First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/exploit-fortinet-critical-rce-bug-siem-root-access
-
Details of Atlassian Confluence RCE Vulnerability Disclosed
SonicWall has shared technical details on a recently addressed high-severity remote code execution flaw in Confluence. The post l has shared technical… First seen on securityweek.com Jump to article: www.securityweek.com/details-of-atlassian-confluence-rce-vulnerability-disclosed/
-
PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)
Security researchers have published a proof-of-concept (PoC) exploit that chains together two vulnerabilities (CVE-2024-4358, CVE-2024-1800) to achiev… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/06/04/cve-2024-4358-cve-2024-1800-poc/
-
Zyxel issues emergency RCE patch for endlife NAS devices
Zyxel Networks has released an emergency security update to address three critical vulnerabilities impacting older NAS devices that have reached end-o… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/zyxel-issues-emergency-rce-patch-for-end-of-life-nas-devices/
-
High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683)
If you’re self-hosting an Atlassian Confluence Server or Data Center installation, you should upgrade to the latest available version to fix a high-se… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/06/03/cve-2024-21683-poc/
-
Experts released PoC exploit code for RCE in Fortinet SIEM
Researchers released a proof-of-concept (PoC) exploit for remote code execution flaw CVE-2024-23108 in Fortinet SIEM solution. Security researchers at… First seen on securityaffairs.com Jump to article: securityaffairs.com/163797/hacking/fortinet-siem-critical-rce-poc.html
-
Critical Netflix Genie Bug Opens Big Data Orchestration to RCE
The severe security vulnerability (CVE-2024-4701, CVSS 9.9) gives remote attackers a way to burrow into Netflix’s Genie open source platform, which is… First seen on darkreading.com Jump to article: www.darkreading.com/application-security/netflix-fixes-critical-vulnerability-on-big-data-orchestration-service
-
Exploit released for maximum severity Fortinet RCE bug, patch now
‹Security researchers have released a proof-of-concept (PoC) exploit for a maximum-severity vulnerability in Fortinet’s security information and event… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/exploit-released-for-maximum-severity-fortinet-rce-bug-patch-now/
-
TP-Link fixes critical RCE bug in popular C5400X gaming router
The TP-Link Archer C5400X gaming router is vulnerable to security flaws that could enable an unauthenticated, remote attacker to execute commands on t… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/tp-link-fixes-critical-rce-bug-in-popular-c5400x-gaming-router/
-
Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms
An on-by-default endpoint in ubiquitous logging service Fluent Bit contains an oversight that hackers can toy with to rattle most any cloud environmen… First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/critical-bug-dos-rce-data-leaks-in-all-major-cloud-platforms
-
AI-as-a-Service Platform Patches Critical RCE Vulnerability
Hackers Could Exploit Bug on Replicate to Steal Data, Manipulate AI Models. Attackers could have exploited a now-mitigated critical vulnerability in t… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ai-as-a-service-platform-patches-critical-rce-vulnerability-a-25324
-
Experts released PoC exploit code for RCE in QNAP QTS
Experts warn of fifteen vulnerabilities in the QNAP QTS, the operating system for the Taiwanese vendor’s NAS products. An audit of QNAP QTS conducted … First seen on securityaffairs.com Jump to article: securityaffairs.com/163470/hacking/fifteen-vulnerabilities-in-the-qnap-qts.html
-
PoC Exploit Released for QNAP QTS zero-day RCE Flaw
Researchers have shown a proof-of-concept (PoC) attack for a zero-day remote code execution (RCE) flaw in the QTS operating system from QNAP. Users of… First seen on gbhackers.com Jump to article: gbhackers.com/poc-exploit-released-2/
-
QNAP QTS zero-day in Share feature gets public RCE exploit
An extensive security audit of QNAP QTS, the operating system for the company’s NAS products, has uncovered fifteen vulnerabilities of varying severit… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/qnap-qts-zero-day-in-share-feature-gets-public-rce-exploit/
-
6K-plus AI models may be affected by critical RCE vulnerability
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/6k-plus-ai-models-may-be-affected-by-critical-rce-vulnerability
-
Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002)
New versions of Git are out, with fixes for five vulnerabilities, the most critical (CVE-2024-32002) of which can be used by attackers to remotely exe… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/05/16/git-cve-2024-32002/
-
PoC Exploit Released For D-LINK RCE Zero-Day Vulnerability
Two critical vulnerabilities have been discovered in D-Link DIR-X4860 routers which were associated with Authentication bypass due to HNAP port and re… First seen on gbhackers.com Jump to article: gbhackers.com/d-link-rce-zero-day-exploit-released/
-
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by att… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/poc-exploit-released-for-rce-zero-day-in-d-link-exo-ax4800-routers/
-
Critical Bug Could Open 50K+ Tinyproxy Servers to DoS, RCE
First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/critical-bug-50k-tinyproxy-servers-dos-rce
-
Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks
HPE Aruba Networking (formerly Aruba Networks) has released security updates to address critical flaws impacting ArubaOS that could result in remote c… First seen on thehackernews.com Jump to article: thehackernews.com/2024/05/four-critical-vulnerabilities-expose.html
-
Week in review: Veeam fixes RCE flaw in backup management platform, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam fixes RCE flaw in backup management platform (… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/05/12/week-in-review-veeam-fixes-rce-flaw-in-backup-management-platform-patch-tuesday-forecast/
-
Apache OFBiz RCE Flaw Let Attackers Execute Malicious Code Remotely
Many businesses use enterprise resource planning (ERP) systems like Apache OFBiz. However, it has been found to have significant security holes that l… First seen on gbhackers.com Jump to article: gbhackers.com/apache-ofbiz-rce-flaw/
-
HPE Aruba Vulnerabilities: Prevent Systems From RCE Attacks
Recently, HPE Aruba Networking, formerly known as Aruba Networks, has encountered significant security challenges. Vulnerabilities in their ArubaOS, t… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/05/hpe-aruba-vulnerabilities-prevent-systems-from-rce-attacks/
-
Veeam fixes RCE flaw in backup management platform (CVE-2024-29212)
Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Service Provider Console (VSPC) and is urging customers to implement the pat… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/05/08/cve-2024-29212/