Making Sense of Security

Securing your Digital World.

Making Sense of Security

Microsoft DART Finds Web Shell Threat on the Rise

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2015-2802
PUBLISHED: 2020-02-04

An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TL…

CVE-2019-10786
PUBLISHED: 2020-02-04

network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSync()" argument.

CVE-2019-10787
PUBLISHED: 2020-02-04

im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization.

CVE-2019-10788
PUBLISHED: 2020-02-04

im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function.

CVE-2019-12528
PUBLISHED: 2020-02-04

An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users’ sessions or non-Squid processes.

View Original Source Article HERE