+44 (0)203 88 020 88

Menu

Search

web applications

Drupal vulnerability affects a million sites

A vulnerability in the Drupal web content management system can be exploited to allow arbitrary code execution, affecting almost a million websites. A security advisory from Drupal describes how this critical vulnerability can be exploited to perform arbitrary execution of PHP code.  Security patches are available for Drupal versions 7, 8 and 9. The problem

Drupal vulnerability affects a million sites Read More »

Hackers target Oracle WebLogic vulnerability

Oracle patched a vulnerability in their WebLogic server in October 2020 – eight days later working exploit code was published online and now it is being used by criminals. CVE-2020-14882 allows an attacker to perform a Remote Code Execution attack with minimal effort or skill required.  Juniper Networks security researchers reports at least five different

Hackers target Oracle WebLogic vulnerability Read More »

Exchange Server RCE exploited in the wild

Microsoft has released a patch to a remote code execution vulnerability in Exchange server which is being actively targeted. CVE-2020-0688 is a flaw in the installation procedure resulting in all Exchange Servers using the same cryptographic keys for ASP.NET ViewState data.  A detailed write-up by the Zero Day Initiative demonstrates the flaw in action. In summary:

Exchange Server RCE exploited in the wild Read More »

0

No products in the basket.

No products in the basket.