Tag: rce
-
Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)
A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for a… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/23/cve-2024-28987/
-
SolarWinds: Critical RCE Bug Requires Urgent Patch
First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/solarwinds-critical-rce-bug-requires-urgent-patch
-
Novel Msupedge backdoor deployed via patched PHP RCE exploit
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/novel-msupedge-backdoor-deployed-via-patched-php-rce-exploit
-
Passwort Folge 11: News von Windows-RCE bis zu ungeheimen Geheimnissen
In der elften Folge des Podcasts schauen sich Sylvester und Christopher den aktuellen Windows-IPv6-Bug an, reden über Phishing, Malvertising und mehr…. First seen on heise.de Jump to article: www.heise.de/news/Passwort-Folge-11-News-von-Windows-RCE-bis-zu-ungeheimen-Geheimnissen-9838216.html
-
CISA Warns of Critical SolarWinds RCE Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding a newly discovered vulnerability in SolarWind… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/cisa-warns-of-critical-solarwinds-rce-vulnerability-exploited-in-attacks/
-
From Object Transition To RCE In The Chrome Renderer
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36219/From-Object-Transition-To-RCE-In-The-Chrome-Renderer.html
-
Attacks Leveraging Critical SolarWinds RCE Underway
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/cisa-attacks-leveraging-critical-solarwinds-rce-underway
-
CISA warns of Jenkins RCE bug exploited in ransomware attacks
‹CISA has added a critical Jenkins vulnerability that can be exploited to gain remote code execution to its catalog of security bugs, warning that it’… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-jenkins-rce-bug-exploited-in-ransomware-attacks/
-
SolarWinds Urges Upgrade After Revealing Critical RCE Bug
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/solarwinds-upgrade-critical-rce-bug/
-
Unauthenticated RCE in WordPress Plugin Exposes 100,000 WordPress Sites
A critical vulnerability has been discovered in the GiveWP plugin, a popular WordPress donation and fundraising platform. This vulnerability, CVE-2024… First seen on gbhackers.com Jump to article: gbhackers.com/unauthenticated-rce-in-wordpress-plugin/
-
Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE
Microsoft on Thursday disclosed four medium-severity security flaws in the open-source OpenVPN software that could be chained to achieve remote code e… First seen on thehackernews.com Jump to article: thehackernews.com/2024/08/microsoft-reveals-four-openvpn-flaws.html
-
Experts Uncover Severe AWS Flaws Leading to RCE, Data Theft, and Full-Service Takeovers
Cybersecurity researchers have discovered multiple critical flaws in Amazon Web Services (AWS) offerings that, if successfully exploited, could result… First seen on thehackernews.com Jump to article: thehackernews.com/2024/08/experts-uncover-severe-aws-flaws.html
-
CISA warns critical SolarWinds RCE bug is exploited in attacks
CISA warned on Thursday that attackers are exploiting a recently patched critical vulnerability in SolarWinds’ Web Help Desk solution for customer sup… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-critical-solarwinds-rce-bug-is-exploited-in-attacks/
-
SolarWinds patches critical RCE vulnerability in its Web Help Desk
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/solarwinds-patches-critical-rce-vulnerability-in-its-web-help-desk
-
Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)
SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the hos… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/15/cve-2024-28986/
-
Microsoft urges customers to fix zero-click Windows RCE in the TCP/IP stack
Microsoft addressed a critical zero-click Windows remote code execution (RCE) in the TCP/IP stack that impacts all systems with IPv6 enabled. Microsof… First seen on securityaffairs.com Jump to article: securityaffairs.com/167117/hacking/windows-rce-tcp-ip.html
-
Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now
Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitat… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/zero-click-windows-tcp-ip-rce-impacts-all-systems-with-ipv6-enabled-patch-now/
-
SolarWinds addressed a critical RCE in all Web Help Desk versions
SolarWinds addressed a critical remote code execution vulnerability in its Web Help Desk solutionfor customer support. SolarWinds fixed a critical vul… First seen on securityaffairs.com Jump to article: securityaffairs.com/167031/security/solarwinds-addressed-rce-whd.html
-
SolarWinds fixes critical RCE bug affecting all Web Help Desk versions
A critical vulnerability in SolarWinds’ Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/solarwinds-fixes-critical-rce-bug-affecting-all-web-help-desk-versions/
-
0-Click Outlook RCE Vulnerability Triggered When Email is Clicked Technical Analysis
NetSPI discovered that Microsoft Outlook is vulnerable to authenticated remote code execution (CVE-2024-21378) due to improper validation of synchroni… First seen on gbhackers.com Jump to article: gbhackers.com/0-click-outlook-rce-vulnerability/
-
RCE likely with exploitation of several now-addressed Google Quick Share bugs
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/rce-likely-with-exploitation-of-several-now-addressed-google-quick-share-bugs
-
FreeBSD releases new patch for regreSSHion-related RCE flaw
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/freebsd-releases-new-patch-for-regresshion-related-rce-flaw
-
RCE, privilege escalation likely with chained OpenVPN flaws
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/rce-privilege-escalation-likely-with-chained-openvpn-flaws
-
Microsoft found OpenVPN bugs that can be chained to achieve RCE and LPE
Microsoft found four bugs in OpenVPN that could be chained to achieve remote code execution and local privilege escalation. During the Black Hat USA 2… First seen on securityaffairs.com Jump to article: securityaffairs.com/166912/hacking/openvpn-rce-lpe.html
-
CVE-2024-38856: Pre-Auth RCE Vulnerability in Apache OFBiz
IntroductionOn August 5, 2024, researchers at SonicWall discovered a zero-day security flaw in Apache OFBiz tracked as CVE-2024-38856. The vulnerabili… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/cve-2024-38856-pre-auth-rce-vulnerability-in-apache-ofbiz/
-
Critical Apache OfBiz Vulnerability Allows Preauth RCE
The enterprise resource planning platform bug CVE-2024-38856 has a vulnerability-severity score of 9.8 out of 10 on the CVSS scale and offers a wide a… First seen on darkreading.com Jump to article: www.darkreading.com/application-security/critical-apache-ofbiz-vulnerability-allows-preauth-rce
-
QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share
See how a SafeBreach Labs researcher bypassed the anti-tampering mechanism of a leading EDR to execute malicious code within one of the EDR’s own proc… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/quickshell-sharing-is-caring-about-an-rce-attack-chain-on-quick-share/
-
Cisco warns of critical RCE zero-days in end of life IP phones
Cisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-critical-rce-zero-days-in-end-of-life-ip-phones/
-
Critical Jenkins Vulnerabilities Expose Servers To RCE Attack
Jenkins, an open source automation server, has been found to have two security issues, one of which is a critical flaw that, if exploited, might lead … First seen on gbhackers.com Jump to article: gbhackers.com/critical-jenkins-vulnerabilities/