RCE – Page 15 – WindowsTechs.com

1.5M Unpatched WordPress Sites Hacked Following Vulnerability Disclosure

Posted on February 10, 2017 by Chris Brook

WordPress security experts said that 1.5M sites have been defaced following the disclosure of a silently fixed content injection vulnerability. Continue reading 1.5M Unpatched WordPress Sites Hacked Following Vulnerability Disclosure→

Cisco WebEx code execution hole – what you need to know

Posted on January 26, 2017 by Paul Ducklin

Google’s Project Zero found a serious hole in Cisco’s WebEx browser extension that is nearly but not yet fully fixed. Here’s what to do. Continue reading Cisco WebEx code execution hole – what you need to know→

RCE in JXBrowser JavaScript/Java bridge

Posted on December 8, 2016 by Gareth Heyes

I recently found myself prototyping an experimental scanning technique
using JXBrowser, a library for using a PhantomJS-like browser in
Java applications. Whilst creating a JavaScript to Java bridge using the JXBrowser library, I wondered if it was p… Continue reading RCE in JXBrowser JavaScript/Java bridge→

RCE in JXBrowser JavaScript/Java bridge

Posted on December 8, 2016 by Gareth Heyes

VU#706359: Aternity version 9 vulnerable to cross-site scripting and remote code execution

Posted on September 28, 2016 by CERT

The Aternity webserver,version 9 and prior,is reportedly vulnerable to cross-site scripting(XSS)on several web pages,and remote code execution via inclusion of untrusted functionality by default due to improper authentication before execution. Continue reading VU#706359: Aternity version 9 vulnerable to cross-site scripting and remote code execution→

Vulnerability Patched in WordPress Theme That Allows Unrestricted Uploads

Posted on September 20, 2016 by Tom Spring

A vulnerability has been patched in a popular WordPress theme called Neosense that allows an attacker to upload code without authentication. Continue reading Vulnerability Patched in WordPress Theme That Allows Unrestricted Uploads→

Drupal Patches Remote Code Execution Vulnerabilities in Three Modules

Posted on July 13, 2016 by Chris Brook

Developers with the open source content management framework Drupal patched a series of highly critical remote code execution bugs in three separate modules today. If exploited, the bugs could let an attacker take over any site running the modules.

Continue reading Drupal Patches Remote Code Execution Vulnerabilities in Three Modules→

Foxit Patches 12 Vulnerabilities in PDF Reader

Posted on June 30, 2016 by Chris Brook

Foxit patched a dozen vulnerabilities in its PDF reader software this week, more than half of which could be used to directly execute arbitrary code on vulnerable installations of the product.

Continue reading Foxit Patches 12 Vulnerabilities in PDF Reader→

Apple AirPort routers get critical security update

Posted on June 21, 2016 by Paul Ducklin

Apple AirPort users, patch ASAP. It sounds as though a crook could take over your AirPort from afar with a sneaky DNS reply… Continue reading Apple AirPort routers get critical security update→

Adobe Flash zero-day patch is out…for the third month in a row

Posted on May 12, 2016 by Paul Ducklin

At the risk of sounding like a stuck gramophone – Adobe just pushed out a Flash update that patches a zero-day hole. Continue reading Adobe Flash zero-day patch is out…for the third month in a row→