The Apache Software Foundation on Friday addressed a high severity vulnerability in Apache OFBiz that could have allowed an unauthenticated adversary to remotely seize control of the open-source enterprise resource planning (ERP) system. Tracked as CVE-2021-26295, the flaw affects all versions of the software prior to 17.12.06 and employs an "unsafe deserialization" as an … [Read more...] about Critical RCE Vulnerability Found in Apache OFBiz ERP Software—Patch Now
RCE
Critical Pre-Auth RCE Flaw Found in F5 Big-IP Platform — Patch ASAP!
Application security company F5 Networks on Wednesday published an advisory warning of four critical vulnerabilities impacting multiple products that could result in a denial of service (DoS) attack and even unauthenticated remote code execution on target networks. The patches concern a total of seven related flaws (from CVE-2021-22986 through CVE-2021-22992), two of which were … [Read more...] about Critical Pre-Auth RCE Flaw Found in F5 Big-IP Platform — Patch ASAP!
Zero-Click Wormable RCE Vulnerability Reported in Microsoft Teams
A zero-click remote code execution (RCE) bug in Microsoft Teams desktop apps could have allowed an adversary to execute arbitrary code by merely sending a specially-crafted chat message and compromise a target's system. The issues were reported to the Windows maker by Oskars Vegeris, a security engineer from Evolution Gaming, on August 31, 2020, before they were addressed at … [Read more...] about Zero-Click Wormable RCE Vulnerability Reported in Microsoft Teams
17-Year-Old Critical ‘Wormable’ RCE Vulnerability Impacts Windows DNS Servers
Cybersecurity researchers today disclosed a new highly critical "wormable" vulnerability—carrying a severity score of 10 out of 10 on the CVSS scale—affecting Windows Server versions 2003 to 2019.The 17-year-old remote code execution flaw (CVE-2020-1350), dubbed 'SigRed' by Check Point, could allow an unauthenticated, remote attacker to gain domain administrator privileges over … [Read more...] about 17-Year-Old Critical ‘Wormable’ RCE Vulnerability Impacts Windows DNS Servers
Critical RCE Flaw (CVSS 10) Affects F5 BIG-IP Application Security Servers
Cybersecurity researchers today issued a security advisory warning enterprises and governments across the globe to immediately patch a highly-critical remote code execution vulnerability affecting F5's BIG-IP networking devices running application security servers.The vulnerability, assigned CVE-2020-5902 and rated as critical with a CVSS score of 10 out of 10, could let remote … [Read more...] about Critical RCE Flaw (CVSS 10) Affects F5 BIG-IP Application Security Servers
Zero-day RCE vulnerabilities in Windows Adobe Type Manager Library actively exploited
Updated on April 14. Microsoft has issued a warning about two new vulnerabilities in the Adobe Type Manager Library. Moreover, according to their information, some attackers are already exploiting them in targeted attacks. On April 14, Microsoft released security updates that address these vulnerabilities. What is Adobe Type Manager Library and how is it vulnerable There were … [Read more...] about Zero-day RCE vulnerabilities in Windows Adobe Type Manager Library actively exploited
Watch Out IT Admins! Two Unpatched Critical RCE Flaws Disclosed in rConfig
If you're using the popular rConfig network configuration management utility to protect and manage your network devices, here we have an important and urgent warning for you.A cybersecurity researcher has recently published details and proof-of-concept exploits for two unpatched, critical remote code execution vulnerabilities in the rConfig utility, at least one of which could … [Read more...] about Watch Out IT Admins! Two Unpatched Critical RCE Flaws Disclosed in rConfig
7-Year-Old Critical RCE Flaw Found in Popular iTerm2 macOS Terminal App
A 7-year-old critical remote code execution vulnerability has been discovered in iTerm2 macOS terminal emulator app—one of the most popular open source replacements for Mac's built-in terminal app.Tracked as CVE-2019-9535, the vulnerability in iTerm2 was discovered as part of an independent security audit funded by the Mozilla Open Source Support Program (MOSS) and conducted by … [Read more...] about 7-Year-Old Critical RCE Flaw Found in Popular iTerm2 macOS Terminal App
[Unpatched] Critical 0-Day RCE Exploit for vBulletin Forum Disclosed Publicly
An anonymous hacker today publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability in vBulletin—one of the widely used internet forum software, The Hacker News has learned.One of the reasons why the vulnerability should be viewed as a severe issue is not just because it is remotely exploitable, but also … [Read more...] about [Unpatched] Critical 0-Day RCE Exploit for vBulletin Forum Disclosed Publicly
Zoom RCE Flaw Also Affects Its Rebranded Versions RingCentral and Zhumu
The same security vulnerabilities that were recently reported in Zoom for macOS also affect two other popular video conferencing software that under the hood, are just a rebranded version of Zoom video conferencing software.Security researchers confirmed The Hacker News that RingCentral, used by over 350,000 businesses, and Zhumu, a Chinese version of Zoom, also runs a hidden … [Read more...] about Zoom RCE Flaw Also Affects Its Rebranded Versions RingCentral and Zhumu