Latest WinRAR, Drupal flaws under active exploitation
2019-02-26 13:13

CVE-2018-20250, a WinRAR vulnerability that allows attackers to extract a malicious executable to one of the Windows Startup folders so that it is executed every time the system is booted, and CVE-2019-6340, the remote execution flaw affecting the popular Drupal CMS, have been spotted being exploited by attackers. PoC attack code for both was released shortly after their public disclosure, and it didn’t take long for attackers to adjust and use it.

Source: Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/22nWx42ZKfk/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-21 | CVE-2019-6340 | Deserialization of Untrusted Data vulnerability in Drupal. Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. (network, high complexity; drupal; CWE-502) | 8.1 |
| 2019-02-05 | CVE-2018-20250 | Path Traversal vulnerability in Rarlab Winrar. In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). (local, low complexity; rarlab; CWE-22) | 7.8 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Drupal 15 0 66 45 14 125