by CIRT Team
Microsoft Releases Security Updates
Description: Microsoft has released updates to address vulnerabilities in Microsoft software. The April security release consists of security updates for the following software: Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and Web Apps ChakraCore Adobe Flash Player Microsoft Malware Protection Engine Microsoft Visual Studio Microsoft Azure IoT SDK Impact: A remote attacker could exploit this vulnerability to take control of...
Read More
by CIRT Team
Microsoft Releases Patch for Windows 7 and Windows Server 2008 R2 Systems
Description: Microsoft has released security updates to address a vulnerability in Windows 7 x64 and Windows Server 2008 R2 x64 systems. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Apply an update. This issue is addressed in the Microsoft update for CVE-2018-1038. Please see the references or vendor advisory for more information. Reference URL’s: https://www.kb.cert.org/vuls/id/277400
by CIRT Team
Apache Software Foundation Releases Security Update
Description: The Apache Software Foundation has released a security update to address a vulnerability in Struts 2. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Upgrade to Struts 2.5.16. Please see the references or vendor advisory for more information. Reference URL’s: https://cwiki.apache.org/confluence/display/WW/S2-056
by CIRT Team
Drupal core – Highly critical – Remote Code Execution
Description: A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: If you are running 7.x, upgrade to Drupal 7.58. If you are running...
Read More
by CIRT Team
Cisco Releases Security Updates
Description: Cisco has released updates to address vulnerabilities affecting multiple products. Review the following Cisco Security Advisories and apply the necessary updates: Cisco IOS XE Software Static Credential Vulnerability Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability Impact: A remote attacker could exploit some of these vulnerabilities to...
Read More
by CIRT Team
Critical Alert: Multiple Vulnerabilities in Mozilla Firefox Could Allow for Remote Code Execution
Description: Multiple vulnerabilities have been discovered in MozillaFirefox and Firefox Extended Support Release (ESR), which could allow for remote code execution. Details of the vulnerabilities are as follows: * A remote code-execution vulnerability exists because it fails to properly process Vorbis audio data. Specifically, this issue occurs due to an out-of-bounds write error in the ‘libvorbis’ library. (CVE-2018-5146) * A remote code-execution vulnerability exists because...
Read More
by CIRT Team
Critical Alert: Multiple Vulnerabilities in Adobe Flash Player Could Allow for Remote Code Execution
Description: Multiple vulnerabilities have been discovered in Adobe Flash Player that could allow for remote code execution. These vulnerabilities are as follows: * One use after free vulnerability that could allow for remote code execution (CVE-2018-4919). * One type confusion vulnerability that could allow for remote code execution (CVE-2018-4920) Impact: Successful exploitation of these vulnerabilities could result in the attacker gaining control of the affected...
Read More
by CIRT Team
Critical Alert: A Vulnerability in ManageEngine Applications Manager Could Allow for Remote Code Execution
Description: A vulnerability has been discovered in ManageEngine Applications Manager, which could allow for remote code execution. The publically accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specific system. This endpoint calls several internal classes and then executes a PowerShell script. If the specified system is an Office SharePoint Server, then the username and password parameters to this script...
Read More
by CIRT Team
Critical Alert: Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution
Description: Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. Impact: Successfully exploiting the most severe of these vulnerabilities could allow for arbitrary code...
Read More
by CIRT Team
Cisco Unified Customer Voice Portal Interactive Voice Response Connection DOS Vulnerability(CVE-2018-0139)
Description: A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service (DoS) condition. The vulnerability is due to improper handling of a TCP connection request when the IVR connection is already established. An attacker could exploit this vulnerability...
Read More