Remote Code Execution – Computer Security Articles

Credit to Author: Microsoft Threat Intelligence| Date: Fri, 15 Dec 2023 17:00:00 +0000

Four new unauthenticated remotely exploitable security vulnerabilities discovered in the popular source code management platform Perforce Helix Core Server have been remediated after being responsibly disclosed by Microsoft. Perforce Server customers are strongly urged to update to version 2023.1/2513900.

The post Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server appeared first on Microsoft Security Blog.

MalwareBytes Security

Update vCenter Server now! VMWare fixes critical vulnerability

October 30, 2023 admin Business, cve-2023-34048, cve-2023-34056, dce/rpc, Exploits and vulnerabilities, Information Disclosure, news, out-of-bounds write, Remote Code Execution, vcenter server, VMware

VMWare has issued an update to address one out-of-bounds write and one information disclosure vulnerability in its server management software, vCenter Server. Since…

MalwareBytes Security

Update vCenter Server now! VMWare fixes critical vulnerability

Categories: Business

Categories: Exploits and vulnerabilities

Categories: News

Tags: VMWare

Tags: vCenter Server

Tags: CVE-2023-34056

Tags: CVE-2023-34048

Tags: DCE/RPC

Tags: out of bounds write

Tags: information disclosure

Tags: remote code execution

VMWare has issued an update to address out-of-bounds write and information disclosure vulnerabilities in its server management software, vCenter Server.

Independent Securiteam

SSD Advisory – SME Server Unauthenticated XSS To Privileged Remote Code Execution

January 7, 2019 admin Cross Site Scripting, Privilege Escalation, Remote Code Execution, SecuriTeam Secure Disclosure

Credit to Author: SSD / Ori Nimron| Date: Mon, 07 Jan 2019 13:21:59 +0000

Vulnerabilities Summary The following advisory describes a vulnerability in SME Server 9.2, which lets an unauthenticated attackers perform XSS attack that leads to remote code execution as root. SME Server is a Linux distribution for small and medium enterprises by Koozali foundation. CVE CVE-2018-18072 Credit An independent security researcher, Karn Ganeshen has reported this vulnerability … Continue reading SSD Advisory – SME Server Unauthenticated XSS To Privileged Remote Code Execution

Independent Securiteam

SSD Advisory – Symfony Framework forward() Remote Code Execution

November 4, 2018 admin Remote Code Execution, SecuriTeam Secure Disclosure

Credit to Author: SSD / Ori Nimron| Date: Sun, 04 Nov 2018 14:21:53 +0000

Vulnerability Summary The following advisory describes a vulnerability found in Symfony 3.4 – a PHP framework that is used to create websites and web applications. Built on top of the Symfony Components. Under certain conditions, the Symfony framework can be abused to trigger RCE in the HttpKernel (http-kernel) component, while forward() is considered by the … Continue reading SSD Advisory – Symfony Framework forward() Remote Code Execution

Independent Securiteam

SSD Advisory – Chrome Type Confusion in JSCreateObject Operation to RCE

October 29, 2018 admin Remote Code Execution, SecuriTeam Secure Disclosure, Type Confusion

Credit to Author: SSD / Ori Nimron| Date: Mon, 29 Oct 2018 09:21:47 +0000

Vulnerabilities Summary The following advisory discusses a vulnerability found in turbofan, the JIT compiler. We can trigger the JavaScript code in a way that leads to type confusion that can be exploited in order to execute code remotely on Google Chrome Versions 69.0 and before. Vendor Response Vendor has fixed the issue in Google Chrome … Continue reading SSD Advisory – Chrome Type Confusion in JSCreateObject Operation to RCE

Independent Securiteam

SSD Advisory – Firefox JavaScript Type Confusion RCE

October 14, 2018 admin Hack2Win, Remote Code Execution, SecuriTeam Secure Disclosure

Credit to Author: SSD / Ori Nimron| Date: Sun, 14 Oct 2018 12:00:10 +0000

Vulnerabilities Summary A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write, which leads to remote code execution inside the sandboxed content process when triggered. Vendor Response The reported security vulnerability was fixed in Firefox 62.0.3 and Firefox ESR 60.2.2. CVE CVE-2018-12386 Credit Independent security researchers, … Continue reading SSD Advisory – Firefox JavaScript Type Confusion RCE

Independent Securiteam

SSD Advisory – CloudByte ElastiStor OS Unauthenticated Remote Code Execution

August 23, 2018 admin Remote Code Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Ori Nimron| Date: Thu, 23 Aug 2018 10:57:33 +0000

Vulnerabilities Summary The following advisory describes two vulnerabilities found in ElastiCenter, ElastiStor’s management console, File Injection that leads to unauthenticated remote code execution. ElastiCenter is the centralized management tool that you use to configure, monitor, manage, and deploy the services provided by CloudByte ElastiStor. ElastiCenter lets you: Use the Graphical User Interface to manage the … Continue reading SSD Advisory – CloudByte ElastiStor OS Unauthenticated Remote Code Execution

← Previous