Top

Tag: remote code execution


Threats & Malware, Vulnerabilities

Double trouble for Fortinet customers as pair of critical vulns found in FortiSIEM

February 6, 2024

Via: The Register

Fortinet’s FortiSIEM product is vulnerable to two new maximum-severity security vulnerabilities that allow for remote code execution. Both CVE-2024-23108 and CVE-2024-23109 have been assigned provisional scores of 10 on the CVSS scale, suggesting exploits can be carried out remotely by […]


Threats & Malware, Vulnerabilities

Before you go away for Xmas: You’ve patched that critical Perforce Server hole, right?

December 19, 2023

Via: The Register

Four vulnerabilities in Perforce Helix Core Server, including one critical remote code execution bug, should be patched “immediately,” according to Microsoft, which spotted the flaws and disclosed them to the software vendor. Perforce Server is a source code management platform […]


Threats & Malware, Vulnerabilities

Atlassian security advisory reveals four fresh critical flaws – in mail with dead links

December 6, 2023

Via: The Register

Atlassian has emailed its customers to warn of four critical vulnerabilities, but the message had flaws of its own – the links it contained weren’t live for all readers at the time of despatch. The email, seen by The Register, […]


Threats & Malware, Vulnerabilities

A year on, CISA realizes debunked vuln actually a dud and removes it from must-patch list

December 6, 2023

Via: The Register

A security vulnerability previously added to CISA’s Known Exploited Vulnerability catalog (KEV), which was recognized by CVE Numbering Authorities (CNA), and included in reputable threat reports is now being formally rejected by infosec organizations. CISA removed CVE-2022-28958 from its KEV […]


Threats & Malware, Vulnerabilities

PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214)

November 27, 2023

Via: Help Net Security

A proof-of-concept (PoC) exploit for a high-severity flaw in Splunk Enterprise (CVE-2023-46214) that can lead to remote code execution has been made public. Users are advised to implement the provided patches or workarounds quickly. About CVE-2023-46214 Splunk Enterprise is a […]


Threats & Malware, Vulnerabilities

Calls for Visual Studio security tweak fall on deaf ears despite one-click RCE exploit

October 13, 2023

Via: The Register

Perceived weaknesses in the security of Microsoft’s Visual Studio IDE are being raised once again this week with a fresh single-click exploit. Developed by Zhiniang Peng, principal security researcher and chief architect of security at Sangfor, the proof of concept […]


Threats & Malware, Vulnerabilities

Alert: Apache SuperSet Vulnerabilities Expose Servers to Remote Code Execution Attacks

September 7, 2023

Via: The Hacker News

Patches have been released to address two new security vulnerabilities in Apache Superset that could be exploited by an attacker to gain remote code execution on affected systems. The update (version 2.1.1) plugs CVE-2023-39265 and CVE-2023-37941, which make it possible […]


Threats & Malware, Vulnerabilities

9 Alarming Vulnerabilities Uncovered in SEL’s Power Management Products

September 6, 2023

Via: The Hacker News

Nine security flaws have been disclosed in electric power management products made by Schweitzer Engineering Laboratories (SEL). “The most severe of those nine vulnerabilities would allow a threat actor to facilitate remote code execution (RCE) on an engineering workstation,” Nozomi […]


Access control, Security

A Few More Reasons Why RDP is Insecure (Surprise!)

July 20, 2023

Via: The Hacker News

If it seems like Remote Desktop Protocol (RDP) has been around forever, it’s because it has (at least compared to the many technologies that rise and fall within just a few years.) The initial version, known as “Remote Desktop Protocol […]


Threats & Malware, Vulnerabilities

Critical SQL Injection Flaws Expose Gentoo Soko to Remote Code Execution

June 28, 2023

Via: The Hacker News

Multiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution (RCE) on vulnerable systems. “These SQL injections happened despite the use of an Object-Relational Mapping (ORM) library and prepared statements,” SonarSource researcher Thomas […]


Threats & Malware, Virus & Malware

Global Ransomware Attack on VMware EXSi Hypervisors Continues to Spread

February 7, 2023

Via: Dark Reading

A global ransomware attack on VMware ESXi hypervisors is expanding, according to multiple government agencies and researchers, having already infected thousands of targets. The attack, first flagged late Feb. 3 by the French Computer Emergency Response Team (CERT-FR), has already […]


Threats & Malware, Vulnerabilities

Critical vulnerability in Spotify’s Backstage discovered, patched

November 15, 2022

Via: Help Net Security

A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in their environments. What is Backstage? Having more than 19,000 stars on Github, Backstage is one […]


Mobile, Threats & Malware, Vulnerabilities, Wireless security

Google Patches Critical Android Flaw Allowing Remote Code Execution via Bluetooth

August 2, 2022

Via: Security Week

The critical vulnerability is tracked as CVE-2022-20345 and it affects the System component. It has been patched with Android 12 and 12L updates. According to Google, an attacker does not require additional execution privileges to remotely execute arbitrary code over […]


Threats & Malware, Vulnerabilities

Critical Code Execution Flaws Patched in ‘PHP Everywhere’ WordPress Plugin

February 10, 2022

Via: Security Week

With more than 30,000 downloads, the PHP Everywhere plugin is an open-source plugin designed to enable PHP code everywhere in the WordPress installation. The latest PHP Everywhere iteration was released last month with patches for three critical vulnerabilities (CVSS score […]


Threats & Malware, Vulnerabilities

Log4Shell-like Critical RCE Flaw Discovered in H2 Database Console

January 7, 2022

Via: The Hacker News

Researchers have disclosed a security flaw affecting H2 database consoles that could result in remote code execution in a manner that echoes the Log4j “Log4Shell” vulnerability that came to light last month. The issue, tracked as CVE-2021-42392, is the ” […]


Threats & Malware, Vulnerabilities

Watch out, hackers can take over your Cosori Smart Air Fryer

April 20, 2021

Via: Security Affairs

Security experts from Cisco Talos have found two remote code execution (RCE) vulnerabilities in the Cosori Smart Air Fryer. The Cosori Smart Air Fryer is an appliance with smart capabilities that cooks food with a variety of methods and settings. […]


Threats & Malware, Vulnerabilities

Remote Code Execution Vulnerability Patched in Drupal

November 19, 2020

Via: Security Week

The vulnerability, tracked as CVE-2020-13671, has been classified as critical, but it’s worth mentioning that Drupal uses the NIST Common Misuse Scoring System, which assigns vulnerabilities a score ranging between 0 and 25, with “critical” being only the second highest […]


Threats & Malware, Vulnerabilities

Google fixes the second zero-day in Chrome in 2 weeks actively exploited

November 3, 2020

Via: Security Affairs

Google has released Chrome 86.0.4240.183 for Windows, Mac, and Linux that address ten security vulnerabilities including a remote code execution (RCE) zero-day (CVE-2020-16009) exploited by threat actors in the wild. The RCE is an inappropriate implementation in V8, which is […]


Threats & Malware, Vulnerabilities

Cisco fixes 5 critical flaws that could allow router firewall takeover

July 16, 2020

Via: Security Affairs

Cisco has released security updates to address critical remote code execution (RCE), authentication bypass, and static default credential vulnerabilities affecting multiple router and firewall devices. An attacker could exploit the vulnerabilities to completely takeover the network devices. Cisco also addressed […]


Threats & Malware, Vulnerabilities

Critical RCE Vulnerability in Facebook Server Patched, Researcher Nabs $5,000 Bounty

August 28, 2018

Via: Hot for Security

A critical remote code execution vulnerability in a Facebook server was recently patched after security researcher Daniel ‘Blaklis’ Le Gall reported it using a proof-of-concept. The vulnerability was found in an unstable Sentry service – a cross-platform application capable of […]