Latest WinRAR, Drupal flaws under active exploitation
CVE-2018-20250, a WinRAR vulnerability that allows attackers to extract a malicious executable to one of the Windows Startup folders so that it is executed every time the system is booted, and CVE-2019-6340, the remote execution flaw affecting the popular Drupal CMS, have been spotted being exploited by attackers. PoC attack code for both was released shortly after their public disclosure, and it didn't take long for attackers to adjust and use it.
Attacks on WinRAR users Active …
The post Latest WinRAR, Drupal flaws under active exploitation appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/22nWx42ZKfk/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-02-21 | CVE-2019-6340 | Deserialization of Untrusted Data vulnerability in Drupal. Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. | 6.8 |
2019-02-05 | CVE-2018-20250 | Path Traversal vulnerability in Rarlab Winrar. In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). | 7.8 |