Among the new vulnerabilities, the most dangerous are those found in the commercial Adobe ColdFusion platform, which is designed to accelerate the development of web applications.
“Adobe released security updates for ColdFusion 2018, 2016 and 11. These updates address three critical vulnerabilities that could lead to the execution of arbitrary code,” the bulletin said.
The bugs are classified as a bypass of the file extension blacklist (CVE-2019-7838), command injection (CVE-2019-7839), and deserialization of untrusted data (CVE-2019-7840). Patches are included in ColdFusion 2018 Update 4, ColdFusion 2016 Update 11 and ColdFusion 11 Update 19. The developer recommends installing them ASAP, as the product is at high risk.
Equally dangerous is a use-after-free vulnerability in Adobe Flash (CVE-2019-7845), reported by a participant in the Zero Day Initiative (ZDI) project who wished to remain anonymous.
“The use-after-free vulnerability manifests itself when processing LocalConnection objects. By performing actions in ActionScript, an attacker can cause the pointer to be reused after it is released. The vulnerability allows you to execute any code in the context of the current process,” explained ZDI representative Dustin Childs.
This problem affects all previous releases of Flash Player for desktop and browsers; users are strongly advised to install update 32.0.0.207.
The remaining vulnerabilities were found in the Adobe Campaign package, which is designed to facilitate the creation and management of multi-channel, personalized messages. They comprise a critical command injection bug (CVE-2019-7850), five information disclosure bugs (two assessed as significant, three as moderately dangerous), and an XML injection that gives read access to an arbitrary file system object.
The vulnerabilities affect Adobe Campaign Classic 18.10.5-8984 and earlier builds installed on Windows and Linux. They are fixed by installing update 19.1.1-9026.
Source: https://helpx.adobe.com