RIPS Technologies (www.ripstech.com/) published an arbitrary file deletion vulnerability in the WordPress core on 26 June 2018. Any WordPress version including the current version is affected. After an attacker gains the privileges to edit and delete media files, the vulnerability can be used to escalate privileges attained through the […]
NSFOCUS Weekly Cybersecurity Report (ID: 201825)
Internet Threat Status CVE Statistics From the figure above, we can see an obvious rise in CVE IDs over last week. Besides, the fact that quite a few vulnerabilities were disclosed or discovered recently also reminded people to pay close attention to their systems’ security. Threat Review Quarterly Threat Report […]
NSFOCUS Weekly Cybersecurity Report
(Report ID: 201824) Internet Threat Status CVE Statistics Last week we saw a slight increase in the total entries of CVE IDs. Threat Review New ‘Lazy FP State Restore’ Vulnerability Found in All Modern Intel CPUs Date: 06-13-2018 Description: Hell Yeah! Another security vulnerability has been discovered in Intel […]
Zip Slip Vulnerability Advisory
On 5th June 2018 the Snyk Security team disclosed a Zip Slip vulnerability, which could result in potential command execution using a specially crafted archive that holds directory traversal filenames. Reference: https://snyk.io/research/zip-slip-vulnerability Description Attackers could use a specially crafted archive holding directory traversal filenames (e.g. ../../evil.sh) to trigger this vulnerability. […]
Cisco IOS XE AAA RCE Vulnerability
Cisco released an advisory on 6th June for a critical vulnerability (CVE-2018-0315) in its Authentication, Authorization, and Accounting Login Authentication service. It could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service condition. […]