Vulnerability Notification: Microsoft Windows Shell Zip File Remote Code Execution

[Overview] Microsoft Windows supports the use of ZIP documents as “compressed folders,” allowing users to browse the contents of ZIP documents through folders. Recently, Microsoft fixed a remote code execution vulnerability in the Windows Shell component. [Vulnerability Details] CVE-2018-0883: An attacker would craft a ZIP file containing a “setup” or “install” file and malware with…

Vulnerability Notification: Cisco Adaptive Security Appliance Webvpn XML Parser Double Free

[Overview] Cisco Adaptive Security Appliance (ASA) software is the core operating system of the Cisco ASA Series. It provides enterprise-class firewall functionality for physical or virtual ASA devices in distributed network environments. The XML parser vulnerability of VPN feature in this software allows unauthenticated remote attackers to reload system or remotely execute code. [Vulnerability Details]…

Vulnerability Notification: Adobe ColdFusion Deserialization

[Overview] Adobe ColdFusion is a dynamic web server, a rapid application development platform offered by Adobe Systems that contains advanced features for enterprise integration and internet application development. [Vulnerability Details] CVE-2017-11284: This vulnerability is caused by no input validation before the object in the RMI registry is deserialized. An unidentified attacker could exploit this vulnerability…

Vulnerability Notification: Oracle WebLogic Server XmlAdapter Deserialization

[Overview] Oracle WebLogic Server is an enterprise multi-tiered Java application service, commonly used as a large enterprise web application platform. [Vulnerability Details] This vulnerability is exploited due to insufficient validation of serialized XML data by WorkContextXmlInputAdapter. An unauthenticated attacker could exploit this vulnerability by sending carefully crafted HTTP XML requests. Exploiting this vulnerability could result…