Tag: rce

  • #log4J Log4Shell RCE 0-day exploit

    If you develop software in Java, you are probably affected. Log4j is a very popular logging package. In a nutshell, if an attacker manages to get a specific, crafted string logged, the library will load code from an arbitrary remote host. All versions between 2.0 and 2.14.1 are affected. Given how ubiquitous this…

  • “Secret” Agent Exposes Azure Customers To RCE

    This week, Azure is in the news again with cloud security issues. According to the linked article, Microsoft secretly installed a “management agent” on customer VMs. As if the act itself were not severe enough, the agent is reachable from the network. Source: “Secret” Agent Exposes Azure Customers To Unauthorized Code Execution | Wiz Blog. And, if…

  • For the VMware users here.

    VMware’s vCenter Server is affected by a remote code execution (RCE) vulnerability. That means an attacker would be able to execute code on any machine running that software that is reachable from the internet. Executing arbitrary code would also allow malware to replicate, i.e. to spread as a worm. The vulnerability is tracked as CVE-2021-21985. Code execution flaw in vCenter is…