ThinkPHP 5.x Remote Code Execution Vulnerability Threat Alert

Overview Recently, ThinkPHP posted a blog, announcing the release of an important update that addresses a critical vulnerability. This security update fixes a getShell vulnerability caused by the framework’s insufficient checks on controller names in case forced routing is not enabled. The vulnerability, which affects ThinkPHP 5.0 and 5.1, is […]

Adobe Flash Player 0-Day Vulnerabilities Threat Alert

Overview On December 5, 2018, local time, Adobe released a security bulletin to document the remediation of two vulnerabilities, namely a critical 0-day vulnerability (CVE-2018-15982) in Adobe Flash Player and an important vulnerability (CVE-2018-15983) in Adobe Flash Player installer.

Analysis Report of the XorDDoS Malware Family

At the end of September 2014, MalwareMustDie discovered XorDDoS, which builds a botnet that can be used for launching DDoS attacks. The main characteristic of the XorDDoS family is that it compromises the target host by brute-force guessing against weak SSH passwords and executes corresponding shell scripts to install the […]

Microsoft Released September 2018 Patches to Fix 64 Security VulnerabilitiesThreat Alert

Overview   On Tuesday, Microsoft released September 2018 security updates to fix 64 vulnerabilities, ranging from spoofing attacks to remote code execution vulnerabilities. Affected products include .NET Core, Active Directory, Adobe Flash Player, Azure, BitLocker, Internet Explorer, Microsoft Drivers, Microsoft Dynamics, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JScript, […]

Apache Struts2 Commons FileUpload Deserialization Remote Code Execution Vulnerability (CVE-2016-100031)Threat Alert

Vulnerability Overview Recently, Apache Software Foundation (ASF) has released a security advisory to strongly advise users of Apache Struts2.3.X to upgrade the Apache Commons FileUpload component. Struts 2.3.x, by default, uses the Commons FileUpload component of V1.3.2. Early in 2016, this component of V1.3.2 is disclosed to contain a deserialization […]