Search the Community

Foxit Reader bug lets attackers run malicious code via PDFs Foxit Software, the company behind the highly popular Foxit Reader, has published security updates to fix a high severity remote code execution (RCE) vulnerability affecting the PDF reader. This security flaw could allow attackers to run malicious code on users' Windows computers and, potentially, take over control. Foxit claims to have more than 650 million users from 200 countries, with its software currently being used by over 100,000 customers. The company's extensive en

Critical RCE Bug Found in Homebrew Package Manager for macOS and Linux A recently identified security vulnerability in the official Homebrew Cask repository could have been exploited by an attacker to execute arbitrary code on users' machines that have Homebrew installed. The issue, which was reported to the maintainers on April 18 by a Japanese security researcher named RyotaK, stemmed from the way code changes in its GitHub repository were handled, resulting in a scenario where a malicious pull request — i.e., the proposed changes — could be automatically

Remote code execution vulnerabilities uncovered in smart air fryer The impacted vendor has not responded or fixed the security issues. In another example of how connectivity can impact our home security, researchers have disclosed two remote code execution (RCE) vulnerabilities in a smart air fryer. RCEs are often considered to be some of the most severe types of vulnerabilities as they allow attackers to remotely deploy code, potentially leading to the hijack of a system, remote tampering, and the execution of additional malware payloads. Whil

Bug allows attackers to hijack Windows time sync software used to track security incidents A remote code execution vulnerability can let attackers hijack the update process of a popular Windows time synchronization software product – Greyware’s Domain Time II – by exploiting a man-on-the-side (MotS) vulnerability.. (Photo by Drew Angerer/Getty Images) Researchers at GRIMM on Tuesday said they found a remote code execution (RCE) vulnerability that can let attackers hijack the update process of a popular Windows time synchronization software product – Greyware’

Claroty discovers vulnerabilities in Ovarro TBox RTUs Researchers from Claroty have discovered widespread vulnerabilities within Ovarro’s TBox remote terminal units (RTUs), commonly found in industrial facilities in the oil, power, and gas sectors. The five vulnerabilities could enable attackers to break into the systems and run code, crash systems, and meddle with configuration files, amongst other malicious actions. “The risks associated with these flaws threaten not only affect the integrity of automation processes, but also, in some cases pu

Critical RCE Vulnerability Found in Apache OFBiz ERP Software—Patch Now The Apache Software Foundation on Friday addressed a high severity vulnerability in Apache OFBiz that could have allowed an unauthenticated adversary to remotely seize control of the open-source enterprise resource planning (ERP) system. Tracked as CVE-2021-26295, the flaw affects all versions of the software prior to 17.12.06 and employs an "unsafe deserialization" as an attack vector to permit unauthorized remote attackers to execute arbitrary code on a server directly. OF

Critical RCE Flaw Reported in MyBB Forum Software—Patch Your Sites A pair of critical vulnerabilities in a popular bulletin board software called MyBB could have been chained together to achieve remote code execution (RCE) without the need for prior access to a privileged account. The flaws, which were discovered by independent security researchers Simon Scannell and Carl Smith, were reported to the MyBB Team on February 22, following which it released an update (version 1.8.26) on March 10 addressing the issues. MyBB, formerly MyBBoard and originally

Expert found a 1-Click RCE in the TikTok App for Android Egyptian security researcher Sayed Abdelhafiz discovered multiple bugs in TikTok Android Application that can be chained to achieve Remote code execution. Egyptian security researcher Sayed Abdelhafiz discovered multiple vulnerabilities in the TikTok Android Application that can be chained to achieve Remote code execution. “While testing TikTok for Android Application, I identified multiple bugs that can be chained to achieve Remote code execution that can be triaged through multiple dangerous attack vecto

F5 urges customers to patch 4 critical BIG-IP pre-auth RCE bugs F5 Networks, a leading provider of enterprise networking gear, has announced four critical remote code execution (RCE) vulnerabilities affecting most BIG-IP and BIG-IQ software versions. F5 BIG-IP software and hardware customers include governments, Fortune 500 firms, banks, internet service providers, and consumer brands (including Microsoft, Oracle, and Facebook), with the company claiming that "48 of the Fortune 50 rely on F5." The four critical vulnerabilities listed below also

VMware addresses Remote Code Execution issue in View Planner VMware released a security patch for a remote code execution vulnerability that affects the VMware View Planner product. VMware released a security patch for a remote code execution flaw, tracked as CVE-2021-21978, that affects the VMware View Planner. The View Planner is a free tool for Performance Sizing and Benchmarking of Virtual Desktop Infrastructure environments. The vulnerability was reported Positive Technologies researcher Mikhail Klyuchnikov. The company fixed

IBM Squashes Critical Remote Code-Execution Flaw A critical-severity buffer-overflow flaw that affects IBM Integration Designer could allow remote attackers to execute code. IBM has patched a critical buffer-overflow error that affects Big Blue’s Integration Designer toolset, which helps enterprises create business processes that integrate ap The flaw (CVE-2020-27221) has a CVSS base score of 9.8 out of 10, making it critical in severity. It stems from an issue in versions 7 and 8 of Java Runtime Environment (JRE), which is used

VMware fixes critical RCE bug in all default vCenter installs VMware has addressed a critical remote code execution (RCE) vulnerability in the vCenter Server virtual infrastructure management platform that may allow attackers to potentially take control of affected systems. vCenter Server helps IT admins manage virtualized hosts and virtual machines within enterprise environments via a single console. Critical RCE scoring almost a perfect severity score The privately reported vulnerability is tracked as CVE-2021-21972 and it was rated with a CVSSv3

Python programming language hurries out update to tackle remote code vulnerability But don't worry, say Python maintainers, attackers can only stall your machine even though technically it is remotely exploitable. The Python Software Foundation (PSF) has rushed out Python 3.9.2 and 3.8.8 to address two notable security flaws, including one that is remotely exploitable but in practical terms can only be used to knock a machine offline. PSF is urging its legion of Python users to upgrade systems to Python 3.8.8 or 3.9.2, in particular to address the remote co

A vulnerability exists in the Windows operating system's JScript component that can allow an attacker to execute malicious code on a user's computer. Responsible for discovering this bug is Dmitri Kaslov of Telspace Systems, who passed it along to Trend Micro's Zero-Day Initiative (ZDI), a project that intermediates the vulnerability disclosure process between independent researchers and larger companies. ZDI experts reported the issue to Microsoft back in January, but Microsoft has yet to release a patch for this vulnerability. Yesterday, ZDI published a su