The Oracle Critical Patch Update (CPU) Advisory was released on July 17. In this advisory, Oracle addressed a WebLogic deserialization problem (CVE-2018-2628) that was disclosed in April but not completely fixed. The new CVE ID for the WebLogic vulnerability this time is CVE-2018-2893. Basic Scores (CVSS Version 3.0 Risk): 9.8. You can […]
Cisco Policy Suite Cluster Manager Default Password Vulnerability
Cisco released an advisory on July 18 to alert users about a critical vulnerability (CVE-2018-0375) in its Cluster Manager of Cisco Policy Suite. This vulnerability could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials. The vulnerability […]
MODX Revolution Remote Code Execution Vulnerability
Recently MODX announced two critical vulnerabilities (CVE-2018-1000207) in MODX Revolution 2.6.4 and earlier versions. A remote attacker could use the vulnerabilities to execute arbitrary code and then take control of the website or delete files. Reference: https://forums.modx.com/thread/104040/revolution-2-6-4-and-prior-two-cricital-vulnerabilities-upgrade-mandatory-patch#dis-post-559515 Affected Versions: MODX Revolution <= 2.6.4. Unaffected Versions: MODX Revolution >= 2.6.5. Solution: Users are […]
NSFOCUS Weekly Cybersecurity Report (ID: 201827)
(Report ID: 201827) Internet Threat Status: CVE Statistics: The number of new CVE IDs increased considerably last week. Threat Review: XXE in WeChat Pay Sdk|WeChat leave a backdoor on merchant websites (07-01-2018): A payment security researcher found an XXE vulnerability in the Java version of the SDK. The attacker can build […]
XXE Vulnerability in WeChat Payment
The website Seclists.Org disclosed a vulnerability in WeChat Pay on 3 July 2018. It was found by a payment security researcher, who reported that WeChat unintentionally exposes an XXE vulnerability in the Java version of the SDK when merchants provide a notification URL to accept asynchronous payment results. The attacker can build […]
NSFOCUS Weekly Cybersecurity Report (ID: 201826)
Internet Threat Status: CVE Statistics: The number of new CVE IDs last week was 193, a decrease compared with the previous week. Threat Review: WPA3 Standard Officially Launches With New Wi-Fi Security Features (06-25-2018): The Wi-Fi Alliance today officially launched WPA3, the next-generation Wi-Fi security standard that promises […]