# Oracle WebLogic Remote Execution Vulnerability (CVE-2019-2729)

Oracle recently disclosed a WebLogic remote execution vulnerability (CVE-2019-2729) that is rated as high. The flaw lies in how the wls9_async component handles input during deserialization, enabling an attacker to gain server privileges for remote code execution by sending a carefully crafted malicious HTTP request.

Date Published: 2019-06-25

Recent Security Event

# Android Endless Reboot Loop Vulnerability

The Stagefright vulnerability, uncovered on July 27th, allows an attacker to take over a mobile device with a single MMS. Following that discovery, security researchers disclosed another critical security vulnerability, CVE-2015-3823, on August 6th, which can send an Android device into an endless reboot loop.

  • Source: Sangfor Security Center
  • Date Published: 2015-08-07

# PHPCMS 0day Disclosed, Putting Hundreds of Thousands of Websites at Risk

On July 21st, 2015, a critical SQL injection vulnerability was disclosed in PHPCMS; it also works in v9, the newest version of PHPCMS. An attacker can exploit the vulnerability to easily gain control of the website, and even obtain a shell (getshell).

  • Source: Sangfor Internet Security
  • Date Published: 2015-07-22

# PHP DoS Vulnerability Can Exhaust the CPU, Affecting PHP Deployments Worldwide

On May 14th, 2015, a remote DoS vulnerability was disclosed in PHP. Once successfully exploited, it rapidly consumes the CPU resources of the affected host, resulting in denial of service. PHP is widely deployed worldwide, which gives attackers a great many targets, so the impact is broad.

  • Source: Sangfor Internet Security
  • Date Published: 2015-05-22

# Windows HTTP.sys remote code execution vulnerability

On April 15th, 2015, Microsoft announced a remote code execution vulnerability in Windows HTTP.sys. The vulnerability attracted great attention from the industry the moment it was announced. If an attacker exploits it successfully, it may cause a blue screen or trigger remote code to run with administrator privileges on the target system, leaving user websites vulnerable to attacks such as defacement, unsafe links, information disclosure, and other severe attacks. The vulnerability is rated "severe".

  • Source: Sangfor Internet Security
  • Date Published: 2015-04-30

# Bash Shellshock Vulnerability

On September 24th, 2014, a remote code execution vulnerability was disclosed in Bash, affecting mainstream operating system platforms, including but not limited to Redhat, CentOS, Ubuntu, Debian, Fedora, Amazon Linux, and OS X 10.10. Because of its broad impact, it is regarded as a grade-10 (the most severe) vulnerability, far more severe than the grade-5 OpenSSL "Heartbleed" announced this April. Following discussions among X-CERT initiator Dr. Du Yuejin and many other experts in the field, the vulnerability was named "Shellshock".

  • Source: Sangfor Internet Security
  • Date Published: 2015-04-30