RCE

Pierluigi Paganini July 11, 2017
Do you use Adobe Flash Player? You should update it now!

Adobe released new versions of Flash Player and Connect web conferencing software to fix important and critical vulnerabilities. According to the security advisory published by Adobe for Flash Player, the new version 26.0.0.137 patches three critical vulnerabilities, including a remote code execution flaw tracked as CVE-2017-3099 that can be exploited by attackers to take full control of affected systems. […]

Pierluigi Paganini June 23, 2017
OpenVPN fixed several remotely exploitable flaws that were not detected by recent audits

OpenVPN fixed several vulnerabilities that could be exploited by remote attackers, the flaws were not detected in a recent audit. Recently two distinct audits were conducted to discover security issues in the OpenVPN, many flaws were found but some vulnerabilities were not spotted by the experts. Four of the vulnerabilities in OpenVPN 2.4.2, were found by […]

Pierluigi Paganini June 14, 2017
Microsoft patches two critical remote code execution (RCE) flaws that have been exploited in attacks

Microsoft released the June 2017 Patch Tuesday to address more than 90 security flaws, including two critical RCE that have been exploited in attacks. Microsoft released June Patch Tuesday updates that address more than 90 vulnerabilities, including two critical remote code execution (RCE) vulnerabilities that have been exploited in attacks. The first vulnerability, tracked as CVE-2017-8464, […]

Pierluigi Paganini June 10, 2017
SambaCry is reality, crooks are abusing CVE-2017-7494 to spread miners

Security experts from Kaspersky confirmed that threat actors in the wild are exploiting the SambaCry vulnerability CVE-2017-7494 to spread a miner. At the end of May, a seven-year-old remote code execution vulnerability affecting all versions of the Samba software since 3.5.0 was patched by the development team of the project. An attacker can exploit the CVE-2017-7494 […]

Pierluigi Paganini May 25, 2017
CVE-2017-7494 Samba vulnerability, patch your installation now!

A seven-year-old remote code execution vulnerability, tracked as CVE-2017-7494, affects all versions of the Samba software since 3.5.0. A seven-year-old remote code execution vulnerability affects all versions of the Samba software since 3.5.0. The flaw has been patched by the development team of the project. An attacker can exploit the CVE-2017-7494 RCE to upload a shared […]

Pierluigi Paganini May 12, 2017
UPDATED – Vanilla Forums software is still affected by a critical remote code execution zero-day first reported in December 2016.

The popular Vanilla Forums software is still affected by a critical remote code execution zero-day first reported to the development team in December 2016. The exploit code was published by ExploitBox, a remote attacker can chain the flaw with the Host Header injection vulnerability CVE-2016-10073 to execute arbitrary code and take the control of the affected […]

Pierluigi Paganini May 09, 2017
Jenkins patched a critical RCE flaw in its open source automation server

Jenkins developers fixed a critical RCE vulnerability in the popular open source automation server along with many other issues. Jenkins is the most popular open source automation server, it is maintained by CloudBees and the Jenkins community. The automation server supports developers build, test and deploy their applications, it has more than 133,000 active installations […]

Pierluigi Paganini May 09, 2017
Microsoft fixes Microsoft Malware Protection Engine RCE vulnerability CVE-2017-0290 found by Google

Microsoft fixes the vulnerability in the Microsoft Malware Protection Engine (CVE-2017-0290) discovered just three days by Google experts. Last week the researchers at the Google Project Zero team have discovered a new critical Windows RCE vulnerability, tracked as CVE-2017-0290, they defined the bug as the worst Windows RCE in recent memory. I think @natashenka and […]

Pierluigi Paganini May 02, 2017
A critical RCE flaw in Intel Management Engine affects Intel enterprise PCs dates back 9 years

A critical remote code execution vulnerability tracked as CVE-2017-5689 in Intel Management Engine affects Intel enterprise PCs dates back 9 years. A critical remote code execution (RCE) vulnerability tracked as CVE-2017-5689 has been discovered in the remote management features implemented on computers shipped with Intel Chipset in past 9 years. The vulnerability affects the Intel Management […]

Pierluigi Paganini April 25, 2017
Squirrelmail 1.4.22 is affected by a Remote Code Execution flaw, no fix is available

The popular PHP webmail package SquirrelMail is affected by a remote code execution vulnerability tracked as CVE-2017-7692. The popular PHP webmail package SquirrelMail is affected by a remote code execution vulnerability tracked as CVE-2017-7692, that could be exploited by hackers to execute arbitrary commands on the target and fully control it. The recent version, 1.4.22, and […]