As a part of their usual process of Patch Tuesday, Microsoft has released patches to mitigate security flaws in products such as Windows, Exchange Server, Internet Explorer, Office, Hyper-V, Visual Studio, and Skype for Business. A new Windows network Remote Code Execution (RCE) zero-day exploit – CVE-2021-31166, has been in the news since Patch Tuesday. … Continue reading “Microsoft Windows HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2021-31166)”
21 Nails: Exim Mail Server Multiple Vulnerabilities
The Qualys Research Team (QRT) has discovered multiple vulnerabilities in the Exim mail server, some of the which can be chained together and have devastating impact via full remote unauthenticated code execution to gain root privileges. The name “21Nails” is a pun intended on vulnerabilities in a “Mail” transfer agent, corresponding to each CVE listed … Continue reading “21 Nails: Exim Mail Server Multiple Vulnerabilities”
Pulse Connect Secure Remote Code Execution Vulnerability (CVE-2021-22893)
An authenticated bypass vulnerability was discovered under Pulse Connect Secure (PCS), that allows an unauthenticated user to perform remote arbitrary file execution on the Pulse Connect Secure gateway. News in the wild states that the new zero-day vulnerability in Pulse Secure VPN devices with CVE-2021-22893 were exploited to take over multiple US and European government … Continue reading “Pulse Connect Secure Remote Code Execution Vulnerability (CVE-2021-22893)”
Google Chrome and Microsoft Edge Zero-day Remote Code Execution Vulnerability
The second and effective zero day on Chromium-based browsers such as Google Chrome and Microsoft Edge was posted consecutively, just after yesterday’s zero-day RCE. This time, Frust, a security researcher, tweeted about a zero-day remote code execution vulnerability creating havoc in the browser-based vulnerability trend. He has released a working proof-of-concept exploit. Unless a threat … Continue reading “Google Chrome and Microsoft Edge Zero-day Remote Code Execution Vulnerability”
Google Chrome Zero-day Remote Code Execution Vulnerability
Rajvardhan Agarwal, a security researcher, recently tweeted about a zero-day remote code execution vulnerability creating havoc in the browser-based vulnerability trend. Hereleased a working proof-of-concept exploit for the RCE for the V8 JavaScript engine in Chromium-based browsers. This zero-day concerns a remote code execution vulnerability in the V8 JavaScript rendering engine that powers the web … Continue reading “Google Chrome Zero-day Remote Code Execution Vulnerability”
SAP Multiple Vulnerabilities (CVE-2020-6287, CVE-2020-6207, CVE-2018-2380, CVE-2016-9563, CVE-2016-3976, CVE-2010-5326)
Unpatched SAP applications are vulnerable and actively exploited in the wild as per the report jointly published by SAP and Onapsis on Tuesday. Applications such as enterprise resource planning, customer relationship management software, and supply chain systems are being targeted. Onapsis researchers have recorded more than 300 successful exploit attempts from the middle of 2020 … Continue reading “SAP Multiple Vulnerabilities (CVE-2020-6287, CVE-2020-6207, CVE-2018-2380, CVE-2016-9563, CVE-2016-3976, CVE-2010-5326)”
VMware vRealize Operations Manager API Server Side Request Forgery (SSRF) Vulnerability (CVE-2021-21975)
VMware vRealize Suite, formerly called vCenter Operations Management Suite, is a software platform designed to help IT administrators build and manage heterogeneous, hybrid clouds. An unauthenticated Server Side Request Forgery (SSRF) vulnerability has recently been identified in VMware vRealize Operations Manager API. Attackers can exploit this vulnerability to perform unauthenticated Remote Code Execution (RCE), internal … Continue reading “VMware vRealize Operations Manager API Server Side Request Forgery (SSRF) Vulnerability (CVE-2021-21975)”
Apache Solr Arbitrary File Read Vulnerability (Zero Day)
Recently, a critical zero-day vulnerability was observed in Apache Solr. Apache Solr, written in Java, is an open-source enterprise search platform from the Apache Lucene project. Its major features include full-text search, hit highlighting, faceted search, real-time indexing, dynamic clustering, database integration, NoSQL features and rich document handling. As it has a dynamic range of … Continue reading “Apache Solr Arbitrary File Read Vulnerability (Zero Day)”
Google Chrome Exploit In The wild (CVE-2021-21193)
Overview On March 12, 2021, Google released an Update for the Chrome browser. According to Google, the Stable Channel has been updated to version 89.0.4389.90 for Windows, Mac, and Linux. It will be rolled out over the next few days or weeks. Description The Google Chrome team has fixed 5 high severity security bugs, out … Continue reading “Google Chrome Exploit In The wild (CVE-2021-21193)”
F5 BIG-IP Remote Code Execution Vulnerabilities (CVE-2021-22986, CVE-2021-22987, CVE-2021-22988, CVE-2021-22989, CVE-2021-22990, CVE-2021-22991, CVE-2021-22992)
Overview On 10th March 2021, F5 released a security advisory to address multiple vulnerabilities for BIG-IP – CVE-2021-22986, CVE-2021-22987, CVE-2021-22988, CVE-2021-22989, CVE-2021-22990, CVE-2021-22991, and CVE-2021-22992. Out of 7, 4 vulnerabilities are flagged as Critical, 2 rated as High and one rated as Medium in severity. Successful exploitation of these vulnerabilities could allow a remote attacker … Continue reading “F5 BIG-IP Remote Code Execution Vulnerabilities (CVE-2021-22986, CVE-2021-22987, CVE-2021-22988, CVE-2021-22989, CVE-2021-22990, CVE-2021-22991, CVE-2021-22992)”