# [Alert] WebLogic Deserialization Vulnerability CVE-2018-2893

On March 28, 2018, a highly critical remote code execution vulnerability (CVE-2018-2893) in the popular open-source Drupal CMS was exposed.

Date Published: 2018-07-25

Recent Security Event

# [Security Alert] Local File Inclusion Vulnerability in phpMyAdmin

On June 21, 2018, a security research institution released an article saying that a local file inclusion vulnerability can lead to a webshell being written to the database and result in getshell. The article also describes how attackers can store a webshell as a field value in a data table, have it written to the database file, and then trigger the local file inclusion vulnerability to get a shell.

  • Source: SANGFOR Security Center
  • Date Published: 2018-06-26

# Drupal Remote Code Execution Vulnerability (CVE-2018-7600)

On March 28, 2018, a highly critical remote code execution vulnerability (CVE-2018-7600) in the popular open-source Drupal CMS was exposed.

  • Source: SANGFOR Security Center
  • Date Published: 2018-05-04

# [Security Alert] WebLogic Server Vulnerability CVE-2017-10271

Recently, a large number of enterprises have had their WebLogic servers attacked. The Sangfor Security Team released a security alert stating that unpatched WebLogic servers contain a high-threat vulnerability (CVE-2017-10271). As of now, more than one exploit kit is available on the Internet.

  • Source: SANGFOR Security Center
  • Date Published: 2018-01-03

# Remote Code Execution Vulnerability in Struts 2 (S2-052)

Apache released a security bulletin (S2-052) addressing a security vulnerability (CVE-2017-9805) in Struts 2. The bulletin says that a remote code execution (RCE) attack is possible when the Struts REST plugin is used with the XStream handler to deserialize XML requests. Attackers can take advantage of this vulnerability to perform operations such as adding or deleting user accounts, viewing, modifying or deleting files, and inserting backdoors.

  • Source: SANGFOR Security Center
  • Date Published: 2017-09-08

# Remote Code Execution Vulnerability in Struts 2 (S2-048)

On the evening of July 7, 2017, Apache released a security bulletin (S2-045) addressing a security vulnerability (CVE-2017-5638) in Struts 2. The bulletin says that the Showcase application in Struts 2 contains a remote code execution vulnerability, which attackers can use to perform operations such as adding user accounts and viewing, modifying or deleting files.

  • Source: SANGFOR Security Center
  • Date Published: 2017-07-25