Vulnerability Notification: Oracle WebLogic Server RemoteObject Insecure Deserialization

[Overview] WebLogic Server is a Java application server platform for developing, integrating, deploying, and managing large distributed web applications, network applications, and database applications. Recently, Oracle released an update patch to fix the WebLogic Server deserialization vulnerability. [Vulnerability Details] CVE-2018-3245: The vulnerability is caused by deserializing suspicious data in a T3 protocol request. An unauthorized…

Vulnerability Notification: Zoho ManageEngine OpManager oputilsServlet Authentication Bypass

[Overview] As a next-generation network management software, Zoho OpManager provides network performance monitoring, physical and virtual server monitoring, network traffic analysis, and device management configuration to realize integrated management of the network, server and data center. OpManager has fixed a privilege elevation vulnerability in a recent update. [Vulnerability Details] CVE-2018-17283: The vulnerability is caused by…

Vulnerability Notification: Red Hat 389 Directory Server nsslapd ldapsearch Buffer Overflow

[Overview] 389 Directory Server is an OpenLDAP-based enterprise LDAP server developed by Red Hat. It is an open source Lightweight Directory Access Protocol (LDAP) service implementation. Red Hat fixes a buffer overflow vulnerability in the latest update. [Vulnerability Details] CVE-2018-1089: This vulnerability is caused by the inability to handle excessively long filter values in ldapsearch…

Vulnerability Notification: Apache Struts 2 namespace Expression Language Injection

[Overview] Apache Struts2 is an MVC framework for building Java-based web applications. In the MVC design pattern, Struts2 acts as a controller to establish data interaction between the model and the view. Recently, Apache Struts2 officially released a security notification of the remote code execution vulnerability fix. [Vulnerability Details] CVE-2018-11776: The Apache Struts2 vulnerability has…

Vulnerability Notification: Mining Trojans

[Overview] With the rise of virtual currency, a new type of attack – mining Trojans quietly prevailed. Different from the ransomware encrypting user key data and virus Trojan destructing business system, the mining Trojan has no obvious attack characteristics, making it difficult for users to detect. According to statistics, mining Trojans have become one of…