WordPress has released security updates to address a critical severity vulnerability Backup Migration Plugin. Tracked as CVE-2023-6553, the vulnerability may allow unauthenticated attackers to inject arbitrary PHP code, resulting in an entire site compromise. The vulnerability has been given a CVSS score of 9.8. The Nex Team has discovered the vulnerability and reported it to WordPress … Continue reading “WordPress Backup Migration Plugin Remote Code Execution Vulnerability (CVE-2023-6553)”
Tag: Remote Code Execution Vulnerability
Apache Struts2 Remote Code Execution Vulnerability (CVE-2023-50164)
Apache Struts, an open-source Model-View-Controller (MVC) framework, is vulnerable to a critical vulnerability that may lead to remote code execution. Tracked as CVE-2023-50164, the vulnerability has been addressed with security updates released by Apache.
Atlassian Patches Critical Vulnerabilities in Multiple Products (CVE-2022-1471, CVE-2023-22522, CVE-2023-22523, & CVE-2023-22524)
Atlassian has released security updates to address four critical vulnerabilities tracked as CVE-2022-1471, CVE-2023-22522, CVE-2023-22523, and CVE-2023-22524. On successful exploitation, all four vulnerabilities allow remote code execution. The vulnerabilities affect products, including Confluence, Jira, Bitbucket servers, and a companion app for macOS. Atlassian has not warned about the active exploitation of any of the vulnerabilities.
F5 BIG-IP Unauthenticated Remote Code Execution Vulnerability (CVE-2023-46747)
Thomas Hendrickson and Michael Weber of Praetorian Security, Inc. have discovered an authentication bypass vulnerability in F5 BIG-IP. Tracked as CVE-2023-46747, the vulnerability has a critical severity rating with a CVSS score of 9.8. Successful exploitation of the vulnerability may allow an attacker to perform remote code execution on the target system.
Progress Patches Multiple Vulnerabilities in WS_FTP Server (CVE-2023-40044 & CVE-2023-42657)
Progress Software has recently released patches to address multiple security vulnerabilities impacting the WS_FTP Server Ad hoc Transfer Module and the WS_FTP Server Manager interface. Out of eight vulnerabilities patched in the updates, two vulnerabilities, CVE-2023-40044 and CVE-2023-42657, are rated as critical. WinSock File Transfer Protocol, or WS_FTP, is a secure file transfer software package. The server … Continue reading “Progress Patches Multiple Vulnerabilities in WS_FTP Server (CVE-2023-40044 & CVE-2023-42657)”
CISA Added Red Hat JBoss RichFaces Framework Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2018-14667)
Red Hat JBoss RichFaces Framework is vulnerable to an expression language injection vulnerability tracked as CVE-2018-14667. The vulnerability may allow an attacker to perform code execution using a chain of Java serialized objects. The vulnerability has been given a critical severity rating with a CVSS score of 9.8. CISA has added the vulnerability to its … Continue reading “CISA Added Red Hat JBoss RichFaces Framework Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2018-14667)”
Craft CMS Remote Code Execution Vulnerability (CVE-2023-41892)
Craft CMS is vulnerable to a security vulnerability that may allow an attacker to perform remote code execution on successful exploitation. Tracked as CVE-2023-41892, the vulnerability has been given a critical severity with a CVSS score of 9.8. Craft is a flexible, user-friendly CMS that helps create custom digital experiences on the web and beyond. The … Continue reading “Craft CMS Remote Code Execution Vulnerability (CVE-2023-41892)”
CISA Added Apache RocketMQ Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-33246)
Apache RocketMQ servers have a vulnerability that attackers were exploiting. CVE-2023-33246 is a critical severity vulnerability that may allow an attacker to perform remote code execution on successful exploitation. Security researchers at Juniper Threat Labs have recently reported the exploitation of the vulnerability by DreamBus botnet malware. CISA has acknowledged its active exploitation by adding … Continue reading “CISA Added Apache RocketMQ Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-33246)”
CISA Added Citrix ShareFile StorageZones Controller Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-24489)
A critical severity vulnerability in the customer-managed ShareFile storage zones controller is exploited in the wild. CVE-2023-24489 has been given a CVSS score of 9.1. Successful exploitation of the vulnerability may allow an unauthenticated attacker to compromise the customer-managed ShareFile storage zones controller remotely. The vulnerability arises due to improper resource control that may lead … Continue reading “CISA Added Citrix ShareFile StorageZones Controller Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-24489)”
Atlassian Patches Remote Code Execution Vulnerabilities in Confluence and Bamboo (CVE-2023-22505, CVE-2023-22506, & CVE-2023-22508)
Atlassian Confluence Server & Data Center and Bamboo Data Center are affected by high-severity vulnerabilities: CVE-2023-22505, CVE-2023-22506, and CVE-2023-22508. The vulnerabilities may allow attackers to perform remote code execution on successful exploitation. Anonymous researchers have discovered and reported these vulnerabilities to Atlassian via their Bug Bounty and Penetration Testing programs. In February 2023, Atlassian addressed … Continue reading “Atlassian Patches Remote Code Execution Vulnerabilities in Confluence and Bamboo (CVE-2023-22505, CVE-2023-22506, & CVE-2023-22508)”