Pierluigi Paganini
July 22, 2021
Oracle released its Critical Patch Update for July 2021, it fixes hundreds of flaws, including Critical Remotely Exploitable vulnerabilities in Weblogic Server. Oracle this week released its quarterly Critical Patch Update for July 2021 that contains 342 new security patches for multiple product families. Some of the vulnerabilities addressed by the IT giant could be remotely exploited by […]
Pierluigi Paganini
November 02, 2020
Oracle issued an out-of-band security update to address a critical remote code execution issue (CVE-2020-14750) impacting multiple Oracle WebLogic Server versions. Oracle issued an out-of-band security update to address a critical remote code execution (RCE) vulnerability, tracked as CVE-2020-14750, which affects several versions of Oracle WebLogic Server. The IT giant assigned to the flaw a severity base score of […]
Pierluigi Paganini
June 16, 2020
Oracle addressed two flaws in E-Business Suite solution that can be exploited by attackers to tamper with an organization’s financial records. Oracle addressed two security flaws in its E-Business Suite (EBS) business management solution that could allow attackers to carry out a broad range of malicious activities, including to tamper with an organization’s financial records. […]
Pierluigi Paganini
May 01, 2020
Oracle warns of attacks against recently patched WebLogic security bug Oracle warns of attacks in the wild exploiting a recently patched vulnerability in WebLogic servers for which a PoC code is available on GitHub. IT giant Oracle published a security alert to warn organizations running WebLogic servers of ongoing attacks that exploit the CVE-2020-2883 vulnerability. […]
Pierluigi Paganini
May 01, 2019
Threat actors are exploiting a recently patched critical Oracle WebLogic Server vulnerability to deliver the Sodinokibi ransomware to organizations. Threat actors are delivering a new piece of malware, tracked as Sodinokibi, by exploiting a recently patched Oracle WebLogic Server vulnerability. Oracle WebLogic Server is a Java EE application server currently developed by Oracle Corporation, it […]
Pierluigi Paganini
April 24, 2019
Security experts are warning of a dangerous zero-day remote code vulnerability that affects the Oracle WebLogic service platform. Oracle WebLogic wls9_async and wls-wsat components are affected by a deserialization remote command execution zero-day vulnerability. This zero-day flaw affects all Weblogic versions, including the latest one, that have the wls9_async_response.war and wls-wsat.war components enabled. Oracle WebLogic Server is a Java EE application […]
Pierluigi Paganini
April 08, 2019
Unofficial security patches have been released for two Oracle Java Runtime Environment (RE) flaws yet to be fixed discovered by Google Project Zero researcher. Unofficial security patches have been released for two Oracle Java Runtime Environment (RE) vulnerabilities discovered by Google Project Zero researcher Mateusz Jurczyk. The company hasn’t yet released an official update to […]
Pierluigi Paganini
January 18, 2019
Oracle released the first critical patch advisory for 2019 that addresses a total of 284 vulnerabilities, 33 of them are rated “critical”. Let’s give a close look at some of the vulnerabilities fixed by this patch advisory. The advisory fixed the CVE-2016-1000031 flaw, a remote code execution (RCE) bug in the Apache Commons FileUpload,  disclosed in November […]
Pierluigi Paganini
October 17, 2018
Oracle has just released a security update to prevent 2.3 million servers running the RPCBIND service from being used in amplified DDoS attacks. The flaw was discovered by the Brazilian researcher Mauricio CorrĂŞa, founder of Brazilian security company XLabs. The exploitation of this vulnerability could cause major problems on the Internet. “A proof of concept […]
Pierluigi Paganini
August 13, 2018
Last week Oracle disclosed a critical vulnerability in its Oracle Database product, the issue tracked as CVE-2018-3110 has received a CVSS score of 9.9, On Friday, Oracle released security patches to address a critical vulnerability affecting its Database product, the company is urging install them as soon as possible. The vulnerability resides in the Java VM component […]
