Security News

Critical Adobe Flaws Allow Attackers to Run JavaScript in Browsers
2020-09-08 16:52

The cross-site scripting flaws could allow attackers to execute JavaScript in targets' browsers. Adobe fixed 18 flaws, including ones in Adobe Experience Manager, as part of its regularly scheduled September updates.

Critical Vulnerabilities Expose MoFi Routers to Remote Attacks
2020-09-08 08:45

Routers made by MoFi Network are affected by several vulnerabilities, including critical flaws that can be exploited to remotely hack a device. Some of the vulnerabilities can allow an unauthenticated, remote attacker who has access to the router's web interface to take complete control of the targeted router.

Cisco Patches Critical Vulnerability in Jabber for Windows
2020-09-07 14:22

Cisco last week released patches to address a critical remote code execution vulnerability in Jabber for Windows. "Cisco Jabber uses XHTML-IM by default for all messages. A malicious message can therefore easily be created by intercepting an XMPP message sent by the application and modifying it. Attackers can do this manually on their own machine or it can be automated to create a worm that spreads automatically," the company continues.

Attackers Can Exploit Critical Cisco Jabber Flaw With One Message
2020-09-03 17:30

Researchers are warning of a critical remote code-execution flaw in the Windows version of Cisco Jabber, the networking company's video-conferencing and instant-messaging application. The flaw has a CVSS score of 9.9 out of 10, making it critical in severity, Cisco said in a Wednesday advisory.

WordPress 'File Manager' Plugin Patches Critical Zero-Day Exploited in Attacks
2020-09-03 13:25

The highly popular WordPress plugin File Manager this week received a patch to address an actively exploited zero-day vulnerability. Designed to provide WordPress site admins with copy/paste, edit, delete, download/upload, and archive functionality for both files and folders, File Manager has over 700,000 active installs.

Cisco patches critical, wormable RCE flaw in Cisco Jabber
2020-09-03 09:49

Cisco has patched four vulnerabilities in its Jabber client for Windows, the most critical of which could allow attackers to achieve remote code execution by sending specially crafted chat messages. Cisco Jabber is a video conferencing and instant messaging application that's often used within enterprises for internal communication and collaboration.

Iranian Hackers Target Critical Vulnerability in F5's BIG-IP
2020-09-01 10:43

A hacking group believed to be linked to the Iranian government was observed targeting a critical vulnerability that F5 Networks addressed in its BIG-IP application delivery controller in early July. Tracked as CVE-2020-5902 and featuring a CVSS score of 10, the vulnerability allows remote attackers to take complete control of a targeted system.

Critical vuln that lets miscreants hijack computers via Slack? *Sucks in air* We'll give you $1,750 for it
2020-08-31 21:28

A critical remote-code-execution vulnerability affecting past versions of the Slack desktop app was disclosed on Friday after the software maker fixed its app. Back in January, Oskars Vegeris, a security engineer at Evolution Gaming, privately reported to Slack, via the bug bounty program HackerOne, a remote code execution vulnerability affecting versions 4.2 and 4.32 of its desktop apps for Linux, macOS, and Windows.

Slack Pays Bounty for Critical Vulnerability in Desktop App
2020-08-31 18:34

A security researcher was awarded a $1,750 bug bounty reward for discovering a remote code execution vulnerability in the Slack desktop applications. An attacker could exploit the vulnerability to execute arbitrary code within Slack's desktop apps for macOS, Linux, and Windows.

Critical Slack Bug Allows Access to Private Channels, Conversations
2020-08-31 15:36

A critical vulnerability in the popular Slack collaboration app would allow remote code-execution. Attackers could gain full remote control over the Slack desktop app with a successful exploit - and thus access to private channels, conversations, passwords, tokens and keys, and various functions.