Oracle WebLogic Server is a Java EE application server currently developed by Oracle Corporation. A configured instance to host applications and resources. In October 2017, Oracle published a critical arbitrary code execution vulnerability in Oracle WebLogic and assigned it CVE-2017-10271. The critical Java deserialization vulnerability in WebLogic’s ‘WLS Security’ subcomponent was the result of […]


Image Source: mspoweruser.com

Microsoft fixed two critical remote code execution vulnerabilities reported in the ‘Microsoft Malware Protection Engine’. The Microsoft Malware Protection Engine scans files in real time. Capabilities such as scanning, detection, and cleaning are available in products like Windows Defender, Malware scanner, Microsoft Security Essentials, Microsoft Forefront Endpoint Protection, Microsoft Forefront Security for SharePoint Service, Windows Intune Endpoint […]


Image Source: thestack.com

Intel identified eight security vulnerabilities and released a security advisory last week, affecting the core Intel CPU technologies Intel Management Engine (ME), Server Platform Service (SPS) and Trusted Execution Engine (TXE). These vulnerabilities allow an unauthorized process to access privileged content, and attackers with local or remote admin access to the system to execute arbitrary […]


Source: thehackernews.com

Return of Coppersmith’s Attack, or ROCA for short, is a cryptographic weakness in the generation of RSA keys that allows the private key of a key pair to be recovered from the public key. RSA is a public key cryptosystem widely used for secure data transmission. The vulnerability, tracked as CVE-2017-15361, affects RSA key […]


Microsoft’s October 2017 Patch Tuesday addresses 62 security vulnerabilities in eight of its main product categories. Among these, 28 CVEs are rated as Critical and 34 are rated as Important. Microsoft addressed three publicly disclosed issues in the October 2017 Patch Tuesday update, one of which is actively exploited in the wild. The bug which is […]


Apache Wicket is an open source, server-side Java web application framework used by quite a few big sites. It was discovered that the ‘encrypted URL feature’, which is expected to protect against CSRF (Cross-Site Request Forgery) attacks, fails to provide enough protection against CSRF attacks in Apache Wicket. Encrypted URLs and stateful […]
