ZDNet

RCE is back: VMware details file upload vulnerability in vCenter Server

If you haven't patched vCenter in recent months, please do so at your earliest convenience. Following on from its remote code execution hole in vCentre in May, VMware has warned of a critical ...
Bleeping Computer

Versa fixes Director zero-day vulnerability exploited in attacks

Versa Networks has fixed a zero-day vulnerability exploited in the wild that allows attackers to upload malicious files by exploiting an unrestricted file upload flaw in the Versa Director GUI. Versa ...
Threat Post

Thousands of Applications Vulnerable to RCE via jQuery File Upload

The flaw has existed for eight years thanks to a security change in Apache. A widely used plugin by Blueimp called jQuery File Upload contains a years-old vulnerability that potentially places 7,800 ...
CSOonline

SAP NetWeaver customers urged to deploy patch for critical zero-day vulnerability

The unrestricted file upload flaw is likely being exploited by an initial access broker to deploy JSP web shells that grant full access to servers and allow installing additional malware payloads.
Bleeping Computer

Critical Wordpress plugin bug lets hackers take over hosting account

Hackers can exploit a maximum severity vulnerability in the wpDiscuz plugin installed on over 70,000 WordPress sites to execute code remotely after uploading arbitrary files on servers hosting ...
Infosecurity-magazine.com

SAP Fixes Critical Vulnerability After Evidence of Exploitation

German software company SAP has finally disclosed and fixed a highly critical vulnerability in the NetWeaver Visual Composer development server after evidence of exploitation in the wild. NetWeaver ...