Vulnerability Notification: Zoho ManageEngine OpManager oputilsServlet Authentication Bypass

[Overview] As a next-generation network management software, Zoho OpManager provides network performance monitoring, physical and virtual server monitoring, network traffic analysis, and device management configuration to realize integrated management of the network, server and data center. OpManager has fixed a privilege elevation vulnerability in a recent update. [Vulnerability Details] CVE-2018-17283: The vulnerability is caused by…

Visualize. Control. Secure

Releasing NIPS 3.0 and High-end Models To keep the perimeter of networks safe, a new version of Hillstone NIPS 3.0, in addition to three high-end models S3560, S3860, S5560 are now available, enabling Hillstone NIPS solutions to cover a broader range of mid-size business and enterprise deployment scenarios. Highlights in the latest updates include: Spam…

Vulnerability Notification: Red Hat 389 Directory Server nsslapd ldapsearch Buffer Overflow

[Overview] 389 Directory Server is an OpenLDAP-based enterprise LDAP server developed by Red Hat. It is an open source Lightweight Directory Access Protocol (LDAP) service implementation. Red Hat fixes a buffer overflow vulnerability in the latest update. [Vulnerability Details] CVE-2018-1089: This vulnerability is caused by the inability to handle excessively long filter values in ldapsearch…

Hackers don’t sleep; and neither does Hillstone

Breach detection systems focus on malicious activity in a network, therefore they protect entire networks – not isolated endpoints or devices. They can be expensive and also complex, depending on how the network is designed, and as the network expands or changes, so will the solution. Despite the bad rap, the Breach Detection market is…

Vulnerability Notification: Apache Struts 2 namespace Expression Language Injection

[Overview] Apache Struts2 is an MVC framework for building Java-based web applications. In the MVC design pattern, Struts2 acts as a controller to establish data interaction between the model and the view. Recently, Apache Struts2 officially released a security notification of the remote code execution vulnerability fix. [Vulnerability Details] CVE-2018-11776: The Apache Struts2 vulnerability has…