A critical remote code execution (RCE) vulnerability affecting vBulletin, one of the widely used internet forum software packages, has been publicly disclosed. The vulnerability is identified as CVE-2019-16759 and allows an attacker to execute any command on the website, such as uploading malware, uploading shells or tampering with the website’s code. This vulnerability is believed to be […]

Apple has released a set of security updates to address vulnerabilities in its products. There are a total of 5 CVEs. The affected products are macOS, Safari, tvOS, iOS and watchOS. CVE-2019-8641 is considered critical and is classified as an out-of-bounds read (CWE-125), where an attacker can read data past the end, or before the […]

Adobe released security updates for three vulnerabilities in ColdFusion. Two vulnerabilities are rated critical for arbitrary code execution and one is rated important for information disclosure. Adobe ColdFusion is a rapid development platform used for building modern web applications. As per the advisory, the vulnerabilities are outlined as follows: CVE-2019-8072: An information disclosure vulnerability […]

Microsoft has released out-of-band security updates to fix a critical remote code execution vulnerability in Microsoft Internet Explorer that is being exploited in the wild and a denial of service vulnerability in Microsoft Defender. CVE-2019-1367 is a zero-day remote code execution vulnerability that exists in the way the scripting engine in Internet Explorer handles objects in memory. This is […]

Google has released urgent updates for 4 vulnerabilities. One of the vulnerabilities is rated Critical and the other three are rated High in severity. As per the Chrome advisory, the vulnerabilities are: CVE-2019-13685: A critical use-after-free issue in UI. CVE-2019-13688: A use-after-free issue in media. CVE-2019-13687: A use-after-free issue in media. […]

phpMyAdmin is a free tool used by millions around the world to manage MySQL and MariaDB databases over the web. Joomla, WordPress, etc. are some of the popular products which use phpMyAdmin. Manuel Garcia Cardenas, a security researcher, discovered a CSRF vulnerability which can meddle with the server configurations in phpMyAdmin. An attacker can […]

Microsoft released its Patch Tuesday security updates today, addressing 80 common vulnerabilities and exposures (CVEs) in the family of Windows operating systems and other products. Out of these, 17 are classified as “Critical”, 61 as “Important”, and 1 as “Moderate”. While most of the “Critical” rated vulnerabilities affect the scripting engines and browsers in an […]

Exim is a message transfer agent (MTA) which runs on Unix-like systems. Exim is a widely used mail server. According to search results on Shodan, there are 5 million servers running Exim. A critical remote code execution vulnerability was discovered in Exim Server by Zerons. All the Exim servers accepting TLS connections are deemed to […]

Samba is a file share server which is a re-implementation of the SMB protocol. Apart from being a server for sharing files and printers, Samba can also be used to access the file system on a Windows machine from a Unix machine. A security researcher, Stefan Metzmacher, together with the Samba Team, discovered a critical […]
