News

ZDNet3y

RCE is back: VMware details file upload vulnerability in vCenter Server

If you haven't patched vCenter in recent months, please do so at your earliest convenience. Following on from its remote code execution hole in vCentre in May, VMware has warned of a critical ...
Bleeping Computer1y

Versa fixes Director zero-day vulnerability exploited in attacks

Versa Networks has fixed a zero-day vulnerability exploited in the wild that allows attackers to upload malicious files by exploiting an unrestricted file upload flaw in the Versa Director GUI. Versa ...
ZDNet6y

Zero-day in popular jQuery plugin actively exploited for at least three years

For at least three years, hackers have abused a zero-day in one of the most popular jQuery plugins to plant web shells and take over vulnerable web servers, ZDNet has learned. The vulnerability ...
Bleeping Computer1mon

SonicWall urges admins to patch critical RCE flaw in SMA 100 devices

SonicWall urges customers to patch SMA 100 series appliances against a critical authenticated arbitrary file upload vulnerability that can let attackers gain remote code execution. The security flaw ...
CSOonline4mon

SAP NetWeaver customers urged to deploy patch for critical zero-day vulnerability

The unrestricted file upload flaw is likely being exploited by an initial access broker to deploy JSP web shells that grant full access to servers and allow installing additional malware payloads.