Lucene search

620 matches found

The Hacker News
added 2020/12/09 3:5 p.m. | 91 views

Russian APT28 Hackers Using COVID-19 as Bait to Deliver Zebrocy Malware

A Russian threat actor known for its malware campaigns has reappeared in the threat landscape with yet another attack leveraging COVID-19 as phishing lures, once again indicating how adversaries are adept at repurposing the current world events to their advantage. Linking the operation to a...

0.6 AI score
Exploits: 0
NVD
added 2020/11/18 4:15 p.m. | 11 views

CVE-2020-25406

app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload executable files...

7.5 CVSS | 7.2 AI score | 0.00851 EPSS
Exploits: 1 | References: 1
Prion
added 2020/11/18 4:15 p.m. | 16 views

Default credentials

app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload executable files...

7.5 CVSS | 7.1 AI score | 0.00851 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2020/11/17 8:58 p.m. | 25 views

CVE-2020-26552

An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access...

7.6 AI score | 0.01163 EPSS
Exploits: 1 | References: 1
Cvelist
added 2020/11/17 3:17 p.m. | 16 views

CVE-2020-13958

A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target user's file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the documen...

7.4 AI score | 0.02687 EPSS
Exploits: 0 | References: 1
Prion
added 2020/10/30 2:15 p.m. | 14 views

Design/Logic Flaw

IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim, could result in code execution. IBM X-Force ID: 184579...

6.8 CVSS | 7.5 AI score | 0.01315 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2020/10/30 1:50 p.m. | 23 views

CVE-2020-4588

IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim, could result in code execution. IBM X-Force ID: 184579...

7.7 CVSS | 7.5 AI score | 0.01315 EPSS
Exploits: 0 | References: 2
Packet Storm
added 2020/10/19 12:0 a.m. | 330 views

ReQuest Serious Play F3 Media Server 7.0.3 Unauthenticated Remote Code Execution

#!/usr/bin/env python3 # -*- coding: utf-8 -*- ReQuest Serious Play F3 Media Server 7.0.3 Unauthenticated Remote Code Execution Vendor: ReQuest Serious Play LLC Product web page: http://www.request.com Affected version: 7.0.3.4968 Pro 7.0.2.4954 6.5.2.4954 6.4.2.4681 6.3.2.4203 2.0.1.823 Summary: F3...

0.9 AI score
Exploits: 0
Japan Vulnerability Notes
added 2020/09/30 6:37 a.m. | 3 views

InfoCage SiteShell installs their files with improper access permissions

Overview: InfoCage SiteShell provided by NEC Corporation installs their files with improper access permissions (CWE-732). Especially, the service executable files can be modified by Everyone users. NEC Corporation reported this vulnerability to IPA to notify users of its solution through JVN...

7.8 CVSS | 7.3 AI score | 0.0038 EPSS
Exploits: 0 | References: 5
NVD
added 2020/08/31 5:15 p.m. | 33 views

CVE-2020-7522

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier when accessing a vulnerable method of SoundUploadServlet which may lead to uploading executable files to non-specified directories...

9.8 CVSS | 9.4 AI score | 0.01659 EPSS
Exploits: 0 | References: 1
NVD
added 2020/08/31 5:15 p.m. | 23 views

CVE-2020-7521

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier when accessing a vulnerable method of FileUploadServlet which may lead to uploading executable files to non-specified directories...

9.8 CVSS | 9.4 AI score | 0.01659 EPSS
Exploits: 0 | References: 1
Prion
added 2020/08/31 5:15 p.m. | 13 views

Path traversal

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier when accessing a vulnerable method of FileUploadServlet which may lead to uploading executable files to non-specified directories...

7.5 CVSS | 9.3 AI score | 0.01659 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2020/08/31 4:10 p.m. | 33 views

CVE-2020-7522

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier when accessing a vulnerable method of SoundUploadServlet which may lead to uploading executable files to non-specified directories...

9.4 AI score | 0.01659 EPSS
Exploits: 0 | References: 1
Cvelist
added 2020/08/31 4:10 p.m. | 29 views

CVE-2020-7521

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier when accessing a vulnerable method of FileUploadServlet which may lead to uploading executable files to non-specified directories...

9.4 AI score | 0.01659 EPSS
Exploits: 0 | References: 1
NVD
added 2020/08/07 8:15 p.m. | 19 views

CVE-2020-13376

SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie...

9.3 CVSS | 9.1 AI score | 0.03507 EPSS
Exploits: 1 | References: 2
OSV
added 2020/08/03 4:15 p.m. | 21 views

CVE-2020-16269

radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section...

5.5 CVSS | 6.4 AI score
Exploits: 0 | References: 3
NVD
added 2020/08/03 4:15 p.m. | 11 views

CVE-2020-16269

radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section...

5.5 CVSS | 5.6 AI score | 0.00976 EPSS
Exploits: 1 | References: 3
CVE
added 2020/08/03 3:56 p.m. | 79 views

CVE-2020-16269

CVE-2020-16269 affects radare2 4.5.0 where DWARF information in .debug_info is misparsed, causing a segmentation fault in parse_typedef (type_dwarf.c) due to a malformed DW_AT_name; the related CVEs (including CVE-2020-17487) cover malformed PE signature data. Multiple advisories (Mageia MGASA-20...

5.5 CVSS | 6 AI score | 0.00976 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2020/08/03 3:56 p.m. | 34 views

CVE-2020-16269

radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section...

6.1 AI score | 0.00976 EPSS
Exploits: 1 | References: 3
AlpineLinux
added 2020/08/03 3:56 p.m. | 36 views

CVE-2020-16269

radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section...

5.5 CVSS | 6.2 AI score | 0.00976 EPSS
Exploits: 1