SwiftMailer is prone to a remote code execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial of service condition.
PHP is prone to a use-after-free vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial of service condition.
PHP is prone to a vulnerability which allows a remote attacker to unserialize a pathological exception object. Attackers can exploit this issue to cause a denial of service condition.
The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Drupal Core is prone to an information disclosure vulnerability. The vulnerability is due to insufficient access control on the ability to download a full configuration export. A remote, authenticated user can exploit this vulnerability by sending a crafted request to the target. Successful exploitation could lead to disclosure of sensitive information.
NetIQ Access Manager (NAM) allows remote authenticated administrators to discover service-account passwords via a request to roma/jsp/volsc/monitoring/dev_services.jsp or roma/jsp/debug/debug.jsp.
A code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way objects are handled in memory. A remote attacker with domain credentials can exploit this vulnerability by sending specially crafted requests to the target server. Successful exploitation will allow an attacker to execute arbitrary code with elevated privileges.
A remote code execution vulnerability was discovered in the Microsoft Windows Graphics component. Successful exploitation of this issue could allow an attacker to execute arbitrary code on the remote system.
A denial-of-service vulnerability has been reported in ISC BIND. The vulnerability is due to improper processing of DNS cookies. A remote attacker could exploit this vulnerability by sending a maliciously crafted DNS packet to a target BIND server. Successful exploitation could lead to a denial-of-service condition.
The Drupal Coder module is prone to a remote code execution vulnerability. The vulnerability is due to improper validation of user-supplied input. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code in the context of the process.
What is the current state of SCADA vulnerabilities? Staying informed is essential in the fight against exploits and cyberattacks with real-world consequences.
Patch now: Two Chrome zero-days were reported, one of them actively exploited in a campaign. Meanwhile, BlueKeep was initially reported as seen in the wild, being used to install a malicious Monero miner.
Administrators of NGINX web servers running PHP-FPM are advised to patch a vulnerability (CVE-2019-11043) that can let threat actors execute remote code on vulnerable, NGINX-enabled web servers. Here’s what you need to know.