Security News

CUPS flaws enable Linux remote code execution, but there’s a catch

2024-09-26 22:03

Under certain conditions, attackers can chain a set of vulnerabilities in multiple components of the CUPS open-source printing system to execute arbitrary code remotely on vulnerable machines. [...]

#codeexecution #linux #remote

Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk

2024-09-23 09:58

A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution. The vulnerability, tracked as...

#codeexecution #critical #IOT #remote #CVE-2024-7490

Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution

2024-09-18 05:08

Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as...

#codeexecution #critical #patch #remote #vcenter #vmware #CVE-2024-38812

Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution

2024-09-16 13:07

A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack...

#codeexecution #GCP #google #remote

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution

2024-09-06 05:22

A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code...

#apache #codeexecution #remote #update #CVE-2024-45195

Apache fixes critical OFBiz remote code execution vulnerability

2024-09-05 21:33

Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows...

#apache #codeexecution #critical #remote #vulnerability

Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution

2024-08-28 04:14

A critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances. The...

#codeexecution #critical #remote #wordpress #CVE-2024-6386

New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution

2024-08-06 04:16

A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning system that could allow threat actors to achieve remote code execution on affected instances. "The root cause of the vulnerability lies in a flaw in the authentication mechanism," SonicWall, which discovered and reported the shortcoming, said in a statement.

#apache #codeexecution #ERP #remote #zeroday

New Specula tool uses Outlook for remote code execution in Windows

2024-07-29 21:44

Microsoft Outlook can be turned into a C2 beacon to remotely execute code, as demonstrated by a new red team post-exploitation framework named "Specula," released today by cybersecurity firm TrustedSec. This C2 framework works by creating a custom Outlook Home Page using WebView by exploiting CVE-2017-11774, an Outlook security feature bypass vulnerability patched in October 2017.

#codeexecution #outlook #remote #windows #CVE-2017-11774

Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk

2024-07-26 04:10

Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution. The vulnerability, tracked as CVE-2024-6327, impacts Report Server version 2024 Q2 and earlier.

#codeexecution #critical #remote #report #server #CVE-2024-6327

Security News {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Security News"}]}

Security News