Zend Framework Remote Code Execution vulnerability (CVE-2021-3007)

Zend Framework, used by developers to build object-oriented web applications, consists of PHP packages installed millions of times all over the globe. The framework along with Laminas Project is vulnerable to untrusted deserialization, leveraging attacker’s ability to exploit it to gain Remote Code Execution (RCE) on vulnerable PHP sites. Tracked as CVE-2021-3007 and rated high-risk, … Continue reading “Zend Framework Remote Code Execution vulnerability (CVE-2021-3007)”

PhpFileManager 0.9.8 Remote Command Execution Vulnerability(CVE-2015-5958)

Summary: phpFileManager version suffers from a RCE vulnerability that can be executed via cross site request forgery. Product: phpFileManager version 0.9.8 Vulnerability Type: Remote Command Execution CVE Reference: CVE-2015-5958 Description: PHPFileManager is vulnerable to remote command execution and  execute operating system commands via GET requests from a victims browser.Once the call to the operating systems … Continue reading “PhpFileManager 0.9.8 Remote Command Execution Vulnerability(CVE-2015-5958)”

IBM QRadar Authentication Bypass: CVE-2018-1418

Multiple vulnerabilities in IBM QRadar have been disclosed. Upon successful exploitation an attacker can bypass authentication and achieve remote code execution. CVE-2018-1418 has been assigned to track this vulnerability. IBM Qradar is an SIEM tool used to detect and analyze security anomalies. The issue affects QRadar SIEM 7.3.0 to 7.3.1 Patch 2 and 7.2.0 to 7.2.8 … Continue reading “IBM QRadar Authentication Bypass: CVE-2018-1418”