Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

Microsoft Patch Tuesday July 2022: propaganda report, CSRSS EoP, RPC RCE, Edge, Azure Site Recovery

Hello everyone! Microsoft has been acting weird lately. I mean the recent publication of a propaganda report about evil Russians and how Microsoft is involved in the conflict between countries. It wouldn’t be unusual for a US government agency, NSA or CIA to publish such a report. But when a global IT vendor, which, in […]

Alexander V. Leonov
Open in Source
#vulnerability#web#mac#windows#google#microsoft#rce#buffer_overflow#auth#chrome#blog
Snowballing Ransomware Variants Highlight Growing Threat to VMware ESXi Environments

Luna, Black Basta add to rapidly growing list of malware tools targeted at virtual machines deployed on VMware's bare-metal hypervisor technology.

Open-Xchange App Suite 7.10.x Cross Site Scripting / Command Injection

Open-Xchange App Suite versions 7.10.6 and below suffer from OS command injection and cross site scripting vulnerabilities. One particular cross site scripting issue only affects versions 7.10.5 and below.

Zyxel firewall vulnerabilities left business networks open to abuse

Severity of code execution bug mitigated by ‘high uptake’ of previous patch

GHSA-6rh6-x8ww-9h97: Grails framework Remote Code Execution via Data Binding

### Impact A vulnerability has been discovered in the Grails data-binding logic which allows for Remote Code Execution in a Grails application. This exploit requires the application to be running on Java 8, either deployed as a WAR to a servlet container, or an executable JAR. ### Patches Grails framework versions 5.2.1, 5.1.9, 4.1.1, and 3.3.15 ### References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35912 https://grails.org/blog/2022-07-18-rce-vulnerability.html ### For more information If you have any questions or comments about this advisory: * https://grails.org/blog/2022-07-18-rce-vulnerability.html * https://github.com/grails/grails-core/issues/12626 * Email us at [info@grails.org](mailto:info@grails.org) ### Credit This vulnerability was discovered by [meizjm3i](https://github.com/meizjm3i) and [codeplutos](https://github.com/codeplutos) of AntGroup FG Security Lab

OctoBot WebInterface 0.4.3 Remote Code Execution

OctoBot WebInterface version 0.4.3 suffers from a remote code execution vulnerability.

IOTransfer 4.0 Remote Code Execution

IOTransfer version 4.0 suffers from a remote code execution vulnerability.

Hackers Target Ukrainian Software Company Using GoMet Backdoor

A large software development company whose software is used by different state entities in Ukraine was at the receiving end of an "uncommon" piece of malware, new research has found. The malware, first observed on the morning of May 19, 2022, is a custom variant of the open source backdoor known as GoMet and is designed for maintaining persistent access to the network. "This access could be