Oracle WebLogic Server is a Java EE application server currently developed by Oracle Corporation. A WebLogic instance is configured to host applications and resources. In October 2017 Oracle published a critical arbitrary code execution vulnerability affecting Oracle WebLogic, assigned CVE-2017-10271. The critical Java deserialization vulnerability in WebLogic's 'WLS Security' subcomponent was the result of […]

Image Source: mspoweruser.com Microsoft fixed two critical remote code execution vulnerabilities reported in the 'Microsoft Malware Protection Engine'. The Microsoft Malware Protection Engine scans files in real time. Its capabilities, such as scanning, detection, and cleaning, are available in products like Windows Defender, Malware scanner, Microsoft Security Essentials, Microsoft Forefront Endpoint Protection, Microsoft Forefront Security for SharePoint Service, Windows Intune Endpoint […]

Image Source: thestack.com Intel identified eight security vulnerabilities and released a security advisory last week, affecting the Intel core CPU technologies Intel Management Engine (ME), Server Platform Service (SPS) and Trusted Execution Engine (TXE). These vulnerabilities allow an unauthorized process to access privileged content, and allow attackers with local or remote admin access to the system to execute arbitrary […]

Source: thehackernews.com Return of Coppersmith's Attack, or ROCA for short, is a cryptographic weakness in the generation of RSA keys that allows the private key of a key pair to be recovered from the public key. RSA is a public key cryptosystem widely used for secure data transmission. The vulnerability, tracked as CVE-2017-15361, affects RSA key […]

Microsoft's October 2017 Patch Tuesday addresses 62 security vulnerabilities in eight of its main product categories. Among these, 28 CVEs are rated Critical and 34 are rated Important. Microsoft addressed three publicly disclosed issues in the October 2017 Patch Tuesday update, one of which is actively exploited in the wild. The bug, which is […]

Apache Wicket is an open source, server-side Java web application framework used by quite a few big sites. It was discovered that the 'encrypted URL feature', which is expected to protect against CSRF (Cross-Site Request Forgery) attacks, fails to provide enough protection against CSRF in Apache Wicket. Encrypted URLs and stateful […]

Foxit Reader is prone to two remote code execution zero-day vulnerabilities, found by Steven Seeley (mr_me) and Ariele Caltabiano (kimiya). Both vulnerabilities are due to the lack of proper validation of user-supplied data, which can lead to writing arbitrary files to attacker-controlled locations and to launching any executable file. User interaction is […]

Microsoft's August 2017 Patch Tuesday addresses 48 security vulnerabilities in six of its main product categories. Among these, 25 CVEs are rated Critical, 21 are rated Important and 2 are rated Moderate. More than two dozen remote code execution vulnerabilities are addressed in the August 2017 security update. Among these security vulnerabilities, two […]

Oracle has released 308 security updates as part of its quarterly patch release cycle. The Oracle Critical Patch Update for July 2017 provides fixes for a wide range of product families including Oracle Database Server, Oracle BI Publisher, Oracle Business Intelligence Enterprise Edition, Oracle Endeca Server, Oracle Fusion Middleware, Oracle Outside In Technology, Oracle WebLogic […]

Adobe has released two security updates, for Adobe Flash Player (APSB17-21) and Adobe Connect (APSB17-22), which cover a total of 6 CVEs. The Adobe Flash Player update addresses a critical vulnerability that could potentially allow an attacker to execute arbitrary code and resolves two important vulnerabilities that could lead to information disclosure and memory address disclosure. Adobe Connect addresses two […]