Multiple Zoho ManageEngine ADSelfService Plus instances are vulnerable to a vulnerability that could allow an authenticated end-user to gain remote code execution on a vulnerable ADSelfService Plus. Assigned with CVE-2022-28810, the vulnerability was fixed by Zoho on April 9, 2022, but the flaw is being exploited in the wild. CISA has added the vulnerability … Continue reading “Zoho Patched Remote Code Execution Vulnerability in ManageEngine ADSelfService Plus (CVE-2022-28810)”
Tag: Remote Code Execution Vulnerability
Cisco Patched Multiple Vulnerabilities in IP Phone 6800, 7800, 7900, and 8800 Series (CVE-2023-20078 & CVE-2023-20079)
Cisco has released a security advisory to address two critical vulnerabilities in its IP Phone 6800, 7800, 7900, and 8800 Series Web UI. CVE-2023-20078 may allow an unauthenticated, remote attacker to inject arbitrary commands executed with root privileges. CVE-2023-20079 may allow an unauthenticated, remote attacker to reload the affected device, resulting in a … Continue reading “Cisco Patched Multiple Vulnerabilities in IP Phone 6800, 7800, 7900, and 8800 Series (CVE-2023-20078 & CVE-2023-20079)”
jai-ext Remote Code Execution Vulnerability (CVE-2022-24816)
jai-ext, a JAI extension API, is vulnerable to a command injection vulnerability. Assigned with CVE-2022-24816, the vulnerability may allow an attacker to execute code remotely on a vulnerable system. The vulnerability is rated as critical and has a CVSSv3 base score of 9.8. Security researchers at Synacktiv have released a PoC. GeoServer is an … Continue reading “jai-ext Remote Code Execution Vulnerability (CVE-2022-24816)”
ZK Java Framework Remote Code Execution Vulnerability (CVE-2022-36537)
There is an active exploitation of a remote code execution vulnerability that affects multiple versions of the ZK Framework. Assigned with CVE-2022-36537, the vulnerability may allow an attacker to access critical information by sending a specially crafted POST request to the AuUploader component. Markus Wulftange of Code White GmbH discovered the vulnerability last year, and … Continue reading “ZK Java Framework Remote Code Execution Vulnerability (CVE-2022-36537)”
IBM Aspera Faspex Remote Code Execution Vulnerability (CVE-2022-47986)
IBM has released a security advisory to address ten vulnerabilities affecting its transfer solution Aspera Faspex. CVE-2022-47986 is the only critically rated vulnerability among the ten flaws that IBM addressed. Multiple remote code execution, cross-site scripting (XSS), denial of service (DoS), and other security vulnerabilities have been patched by IBM in this security update. CVE-2022-47986 … Continue reading “IBM Aspera Faspex Remote Code Execution Vulnerability (CVE-2022-47986)”
Oracle WebLogic Server Information Disclosure Vulnerability (CVE-2023-21839)
Oracle WebLogic server is vulnerable to an information disclosure flaw that can lead to remote code execution. Assigned with CVE-2023-21839, an attacker can exploit this vulnerability to gain unauthorized access to critical data. The vulnerability started getting noticed shortly after proof of concept (PoC) was published. Oracle WebLogic Server is a product of Oracle Fusion … Continue reading “Oracle WebLogic Server Information Disclosure Vulnerability (CVE-2023-21839)”
TerraMaster NAS Remote Code Execution Vulnerability (CVE-2022-24990)
TerraMaster NAS devices are vulnerable to a remote command execution vulnerability that could allow an unauthenticated attacker to execute commands as root. Tracked as CVE-2022-24990, the vulnerability is exploited via PHP Object Instantiation. CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog, requesting users to patch it soon. NAS (network-attached … Continue reading “TerraMaster NAS Remote Code Execution Vulnerability (CVE-2022-24990)”
Oracle E-Business Suite Remote Code Execution Vulnerability (CVE-2022-21587)
A critical remote code execution vulnerability in the Oracle E-Business suite is being exploited in the wild shortly after proof-of-concept (PoC) was published. Tracked as CVE-2022-21587, the vulnerability may allow an unauthenticated attacker to execute arbitrary code on the target system. It has been rated critical and given a CVSSv3 base score of 9.8. … Continue reading “Oracle E-Business Suite Remote Code Execution Vulnerability (CVE-2022-21587)”
CentOS Web Panel 7 (CWP7) Unauthenticated Remote Code Execution Vulnerability (CVE-2022-44877)
Malicious attackers exploit a critical vulnerability in the CentOS Web Panel (CWP). Tracked as CVE-2022-44877, this vulnerability could allow an attacker to gain unauthenticated remote code execution on vulnerable servers. The exploitation of this vulnerability began after the security researcher Numan Türle of Gais Cyber Security made the proof-of-concept code publicly available. CentOS Web Panel … Continue reading “CentOS Web Panel 7 (CWP7) Unauthenticated Remote Code Execution Vulnerability (CVE-2022-44877)”
VMware Released Patch for Multiple Vulnerabilities in VMware vRealize Log Insight (CVE-2022-31704, CVE-2022-31706, CVE-2022-31710, & CVE-2022-31711)
VMware has released a security advisory to address multiple vulnerabilities in its vRealize Log Insight product. The vulnerabilities have CVSSv3 scores ranging from 5.3 to 9.8. The vulnerabilities are being tracked as CVE-2022-31706, CVE-2022-31704, CVE-2022-31710, and CVE-2022-31711. vRealize Log Insight is used by infrastructure and applications in any environment for intelligent log management. This … Continue reading “VMware Released Patch for Multiple Vulnerabilities in VMware vRealize Log Insight (CVE-2022-31704, CVE-2022-31706, CVE-2022-31710, & CVE-2022-31711)”
