Security Advisories & Alerts


Apache Tomcat Remote Code Execution via JSP Upload & Information Disclosure

Description: The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat. When running on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request....

Read more


Avast’s Piriform Releases Security Update for CCleaner

Description: Piriform, a subsidiary of Avast, has released CCleaner 5.34 and has pushed v1.07.3214 to CCleaner Cloud users. These versions do not contain the Floxif malware found in the 32-bit versions of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191 Impact: An unauthorized modification of the CCleaner.exe binary resulted in an insertion...

Read more


VMware Releases Security Updates

Description:  VMware releases security updates to address vulnerabilities. This release consists of security updates for the following software: ESXi vCenter Server Fusion Workstation Impact: An attacker who successfully exploited the vulnerability could take control of an affected system. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference...

Read more


Microsoft Releases September 2017 Security Updates

Description:  Microsoft releases security updates for September 17. This release consists of security updates for the following software: Microsoft Excel 2016 for Mac Microsoft Office 2016 for Mac Microsoft .NET Framework Windows Server 2008 Impact: An attacker who successfully exploited the vulnerability could take control of an affected system. Mitigation:...

Read more


Sudo CVE-2017-1000368 Incomplete Fix Local Privilege Escalation Vulnerability

Description:  Todd Miller’s sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. Impact: Local attackers could exploit this issue to run arbitrary commands with root privileges. This issue is fixed in sudo 1.8.20p2. NOTE: This...

Read more


Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability

Description:   The REST Plugin is using a XStreamHandler with an instance of XStream for deserialization without any type filtering and this can lead to Remote Code Execution when deserializing XML payloads. Impact: Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected...

Read more


Symantec Messaging Gateway CVE-2017-6326 Remote Code Execution Vulnerability

Description:   The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. Impact: Attackers can exploit this issue to execute arbitrary code on the affected...

Read more


Page 21 of 35« First...10...1920212223...30...Last »