1 Vulnerability Overview Recently, ThinkPHP posted a blog, announcing the release of an update that addresses a high-risk remote code execution (RCE) vulnerability. This vulnerability stems from the framework’s insufficient checks on controller names, which, in case forced routing is not enabled, would allow arbitrary code execution or even access […]
Overview Recently, ThinkPHP posted a blog, announcing the release of an important update that addresses a critical vulnerability. This security update fixes a getShell vulnerability caused by the framework’s insufficient checks on controller names in case forced routing is not enabled. The vulnerability, which affects ThinkPHP 5.0 and 5.1, is […]
Vulnerability Overview Recently, Apache Software Foundation (ASF) has released a security advisory to strongly advise users of Apache Struts2.3.X to upgrade the Apache Commons FileUpload component. Struts 2.3.x, by default, uses the Commons FileUpload component of V1.3.2. Early in 2016, this component of V1.3.2 is disclosed to contain a deserialization […]
Overview Recently, VMware has released a security advisory to document the remediation of two critical vulnerabilities (CVE-2018-6981 and CVE-2018-6982) in VMware ESXi, Workstation, and Fusion. The two vulnerabilities were disclosed by a Chinese cybersecurity firm Chaitin Tech at the international hacking contest GeekPwn2018.
Overview Recently, AVEVA released a security bulletin to announce the remediation of two critical vulnerabilities in industrial software. CVE-2018-17916 is a stack overflow vulnerability that can be triggered by sending a crafted packet, leading to remote code execution by an unauthorized user. CVE-2018-17914 stems from an empty password in the […]