by CIRT Team
A Vulnerability in WordPress Duplicator Plugin Could Allow for Arbitrary File Downloads
Description: A vulnerability has been discovered in the WordPress Duplicator Plugin that could allow for Arbitrary File Downloads. This vulnerability exists due to the way Duplicator handles certain requests from unauthenticated users. When an attacker sends a specially crafted request to Duplicator, an unauthenticated user can download arbitrary files from the target WordPress site. This includes the ‘wp-config.php’ file, which contains various site configurations, and...
Read More
by CIRT Team
Critical Alert: A Vulnerability in Apache Tomcat Could Allow for Arbitrary File Reading (CVE-2020-1938)
Subject: A Vulnerability in Apache Tomcat Could Allow for Arbitrary File Reading (CVE-2020-1938) Description: A vulnerability has been discovered in Apache Tomcat, which could allow for reading of arbitrary files on the affected system. The vulnerability exists in the AJP protocol, which is by default exposed over TCP port 8009 and enabled. The vulnerability can be exploited by an attacker who can communicate with...
Read More
by CIRT Team
Common Vulnerabilities and Exposures (CVE) Report February 2020
The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. The National Cybersecurity FFRDC, operated by the Mitre Corporation, maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security. Report : Following is the CVE report from BGD e-GOV CIRT for the month of February 2020.
by CIRT Team
Google Releases Security Updates for Chrome
Description: Google has released Chrome version 80.0.3987.122 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
by CIRT Team
Microsoft Releases February 2020 Security Updates
Description: Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Feb https://support.microsoft.com/en-us/help/20200211/security-update-deployment-information-february-11-2020
by CIRT Team
Adobe Releases Security Updates for Multiple Products
Description: Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Framemaker APSB20-04 Acrobat and Reader APSB20-05 Flash Player APSB20-06 Digital Editions APSB20-07 Experience Manager APSB20-08 Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for...
Read More
by CIRT Team
Common Vulnerabilities and Exposures (CVE) Report January 2020
The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. The National Cybersecurity FFRDC, operated by the Mitre Corporation, maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security. Report : Following is the CVE report from BGD e-GOV CIRT for the month of January 2020.
by CIRT Team
Critical Vulnerabilities in Microsoft Windows Operating Systems [US-CERT]
Summary New vulnerabilities are continually emerging, but the best defense against attackers exploiting patched vulnerabilities is simple: keep software up to date. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats. On January 14, 2020, Microsoft released software fixes to address 49 vulnerabilities as part of their monthly Patch Tuesday announcement. Among...
Read More
by CIRT Team
Mozilla Patches Critical Vulnerability
Description: Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more...
Read More
by CIRT Team
Cisco Releases Security Updates
Description: Cisco has released security updates to address multiple vulnerabilities in Data Center Network Manager (DCNM). A remote attacker could exploit these vulnerabilities to take control of an affected system. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: Cisco Data Center Network...
Read More
