Tag: rce
-
SolarWinds patches critical RCE vulnerability in its Web Help Desk
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/solarwinds-patches-critical-rce-vulnerability-in-its-web-help-desk
-
Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)
SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the hos… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/15/cve-2024-28986/
-
Microsoft urges customers to fix zero-click Windows RCE in the TCP/IP stack
Microsoft addressed a critical zero-click Windows remote code execution (RCE) in the TCP/IP stack that impacts all systems with IPv6 enabled. Microsof… First seen on securityaffairs.com Jump to article: securityaffairs.com/167117/hacking/windows-rce-tcp-ip.html
-
Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now
Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitat… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/zero-click-windows-tcp-ip-rce-impacts-all-systems-with-ipv6-enabled-patch-now/
-
SolarWinds addressed a critical RCE in all Web Help Desk versions
SolarWinds addressed a critical remote code execution vulnerability in its Web Help Desk solutionfor customer support. SolarWinds fixed a critical vul… First seen on securityaffairs.com Jump to article: securityaffairs.com/167031/security/solarwinds-addressed-rce-whd.html
-
SolarWinds fixes critical RCE bug affecting all Web Help Desk versions
A critical vulnerability in SolarWinds’ Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/solarwinds-fixes-critical-rce-bug-affecting-all-web-help-desk-versions/
-
0-Click Outlook RCE Vulnerability Triggered When Email is Clicked Technical Analysis
NetSPI discovered that Microsoft Outlook is vulnerable to authenticated remote code execution (CVE-2024-21378) due to improper validation of synchroni… First seen on gbhackers.com Jump to article: gbhackers.com/0-click-outlook-rce-vulnerability/
-
RCE likely with exploitation of several now-addressed Google Quick Share bugs
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/rce-likely-with-exploitation-of-several-now-addressed-google-quick-share-bugs
-
FreeBSD releases new patch for regreSSHion-related RCE flaw
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/freebsd-releases-new-patch-for-regresshion-related-rce-flaw
-
RCE, privilege escalation likely with chained OpenVPN flaws
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/rce-privilege-escalation-likely-with-chained-openvpn-flaws
-
Microsoft found OpenVPN bugs that can be chained to achieve RCE and LPE
Microsoft found four bugs in OpenVPN that could be chained to achieve remote code execution and local privilege escalation. During the Black Hat USA 2… First seen on securityaffairs.com Jump to article: securityaffairs.com/166912/hacking/openvpn-rce-lpe.html
-
CVE-2024-38856: Pre-Auth RCE Vulnerability in Apache OFBiz
IntroductionOn August 5, 2024, researchers at SonicWall discovered a zero-day security flaw in Apache OFBiz tracked as CVE-2024-38856. The vulnerabili… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/cve-2024-38856-pre-auth-rce-vulnerability-in-apache-ofbiz/
-
Critical Apache OfBiz Vulnerability Allows Preauth RCE
The enterprise resource planning platform bug CVE-2024-38856 has a vulnerability-severity score of 9.8 out of 10 on the CVSS scale and offers a wide a… First seen on darkreading.com Jump to article: www.darkreading.com/application-security/critical-apache-ofbiz-vulnerability-allows-preauth-rce
-
QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share
See how a SafeBreach Labs researcher bypassed the anti-tampering mechanism of a leading EDR to execute malicious code within one of the EDR’s own proc… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/quickshell-sharing-is-caring-about-an-rce-attack-chain-on-quick-share/
-
Cisco warns of critical RCE zero-days in end of life IP phones
Cisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-critical-rce-zero-days-in-end-of-life-ip-phones/
-
Critical Jenkins Vulnerabilities Expose Servers To RCE Attack
Jenkins, an open source automation server, has been found to have two security issues, one of which is a critical flaw that, if exploited, might lead … First seen on gbhackers.com Jump to article: gbhackers.com/critical-jenkins-vulnerabilities/
-
CISA warns about actively exploited Apache OFBiz RCE flaw
Tags: apache, attack, cisa, cybersecurity, exploit, flaw, infrastructure, rce, remote-code-execution, vulnerabilityThe U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting A… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-about-actively-exploited-apache-ofbiz-rce-flaw/
-
RCE possible with critical Apache OFBiz zero-day
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/rce-possible-with-critical-apache-ofbiz-zero-day
-
Critical Progress WhatsUp RCE flaw now under active exploitation
Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for in… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-progress-whatsup-rce-flaw-now-under-active-exploitation/
-
Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault
Samsung has launched a new bug bounty program for its mobile devices with rewards of up to $1,000,000 for reports demonstrating critical attack scenar… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/samsung-to-pay-1-000-000-for-rces-on-galaxys-secure-vault/
-
Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856)
CVE-2024-38856, an incorrect authorization vulnerability affecting all but the latest version of Apache OFBiz, may be exploited by remote, unauthentic… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/05/cve-2024-38856/
-
PatchNow: ServiceNow Critical RCE Bugs Under Active Exploit
First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit
-
Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327)
Progress Software has fixed a critical vulnerability (CVE-2024-6327) in its Telerik Report Server solution and is urging users to upgrade as soon as p… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/26/cve-2024-6327/
-
Attacks exploiting critical ServiceNow RCE bugs underway
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/attacks-exploiting-critical-servicenow-rce-bugs-underway
-
Progress Software fixed critical RCE CVE-2024-6327 in the Telerik Report Server
Progress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report Server. Telerik Report Ser… First seen on securityaffairs.com Jump to article: securityaffairs.com/166168/security/telerik-report-server-cve-2024-6327.html
-
Critical ServiceNow RCE flaws actively exploited to steal credentials
Tags: breach, credentials, data, exploit, flaw, government, rce, remote-code-execution, theft, threatThreat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft a… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-servicenow-rce-flaws-actively-exploited-to-steal-credentials/
-
Progress warns of critical RCE bug in Telerik Report Server
Progress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compro… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/progress-warns-of-critical-rce-bug-in-telerik-report-server/
-
CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Kn… First seen on thehackernews.com Jump to article: thehackernews.com/2024/07/cisa-warns-of-actively-exploited-rce.html
-
Hackers are actively exploiting PHP RCE vulnerability (CVE-2024-4577)
A critical vulnerability in PHP, designated CVE-2024-4577, has become a prime target for cybercriminals within a day of its public disclosure in June … First seen on securityonline.info Jump to article: securityonline.info/hackers-are-actively-exploiting-php-rce-vulnerability-cve-2024-4577/