Oracle WebLogic Server RCE Deserialization Vulnerability Analysis

''

On April 17th local time, Oracle released the critical patch update (CPU) advisory, which contains a fix for the high-risk WebLogic server deserialization vulnerability (CVE-2018-2628), via which attackers can remotely execute arbitrary code in an unauthorized manner. Reference link: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html Affected Versions WebLogic 10.3.6.0 WebLogic 12.1.3.0 WebLogic 12.2.1.2 WebLogic 12.2.1.3 […]

Oracle WebLogic Server RCE Deserialization Vulnerability

''

On 17 April, the local time in California, Oracle released its Critical Patch Update(CPU) Advisory in which a critical WebLogic deserialization vulnerability (CVE-2018-2628) allowing remote code execution without authorization was disclosed. This vulnerability was first discovered by an NSFOCUS researcher, who reported it to Oracle immediately. More information about this […]

Iran’s 3,500 Switches Attacked – Cisco IOS/IOS XE Remote Code Execution Vulnerability CVE-2018-0171 Exploitation

''

News from The Iran Project, the Iranian cyber police confirmed Friday night that the country’s data center was attacked. The attack involved Iran 3500 switches, but the official in the country emphasized that the attack didn’t lead to sensitive data leakage. From description, the suspected attacker exploited the Cisco IOS / IOS […]

Cisco IOS/IOS XE Software Remote Code Execution Vulnerability (CVE-2018-0171)

''

Recently a serious vulnerability (CVE-2018-0171) was disclosed in Cisco IOS and IOS XE software. An attacker could reload an affected device without authorization, resulting in a denial of service condition or remote code execution. This vulnerability originated from improper validation of packet data. An attack could exploit this vulnerability by […]

Remote Code Execution Vulnerability in ManageEngine Applications Manager 13.5

''

Recently, researchers discovered a serious remote code execution (RCE) vulnerability (CVE-2018-7890) in ManageEngine Applications Manager. Vulnerabilities originate from the publicly accessible testCredential.do endpoint, which can result in remote code execution when validating user-supplied credentials. At present, no official version has been released to fix this vulnerability. Reference links: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7890 https://www.securityfocus.com/bid/103358 https://pentest.blog/advisory-manageengine-applications-manager-remote-code-execution-sqli-and/ […]

NSFOCUS Found Multiple Vulnerabilities in Schneider Pelco Sarix professional Cameras

''

Multiple vulnerabilities were found by NSFOCUS researchers in Schneider Pelco Sarix professional Cameras. These vulnerabilities included: CVE# Vulnerability Severity CVE-2018-7227 Information Disclosure Medium CVE-2018-7228 Admin Privilege Authentication Bypass High CVE-2018-7229 Admin Privilege Authentication Bypass High CVE-2018-7230 XML External Entity Vulnerability High CVE-2018-7231 Command Execution – ‘system.opkg.remove’ Critical CVE-2018-7232 Command Execution […]

Deep Analysis of Memcached Large DRDoS Attacks – China Telecom DamDDoS & NSFOCUS Jointly Released

''

Recently, many domestic and foreign security companies and agencies issued warnings about the Memcached Distributed Reflection Denial of Service attack, which aroused the concern of all parties. According to our monitoring, the peak traffic for this attack has now reached 1.35T. On Feb. 27, Memcached’s reflection DDoS attacks ranged from hundreds of […]