Welcome to our weekly exploit digest! We should say this hasn't been a big week, because people keep producing exploits for the vulnerabilities discovered in the first half of March. Nevertheless, we have some good new arrivals for VMware, MS Windows and Win32 to talk about. New exploits scored 4+ have arrived for 7 software titles: VMware View Planner (v4.6), Win32k ConsoleControl, Microsoft Exchange 2019, Microsoft Windows Containers DP API, SonLogger (v4.2.3.3), LiveZilla Server (v8.0.1.0)…

Welcome to the Wallarm weekly web exploits digest! Starting this week, we will publish weekly digests consisting of web exploits with CVSS scores higher than 5, followed by explanations, risk analysis, related stories and news. So, here we go!

The most sophisticated and interesting exploit fell outside this score range for some reason, but who are we to argue with a CVSS score 😉 This is the Apache OFBiz XML-RPC Java Serialization Remote Code Execution issue https://vulners.com/packetstorm/PACKETSTORM:161769, where you can find an XML-packed and Base64-encoded Java deserialization payload:

<serializable xmlns="http://ws.apache.org/xmlrpc/namespaces/extensions">#{Rex::Text.encode_base64(data)}</serializable>  
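The snippet above shows the shape a defender can key on: a `<serializable>` element in the XML-RPC extension namespace whose text content is a Base64-encoded Java object stream. The following is an added detection example, not code from the page, from Wallarm, or from the Metasploit module it quotes. It assumes only the standard Java serialization stream header (STREAM_MAGIC 0xACED followed by STREAM_VERSION 0x0005), and the XML-RPC request bodies it checks are constructed inline for demonstration; the "suspicious" sample carries just that header plus filler bytes, not a real gadget chain.

```python
import base64
import re

# Namespace of the XML-RPC "serializable" extension element shown on the page.
XMLRPC_EXT_NS = "http://ws.apache.org/xmlrpc/namespaces/extensions"

# Standard header of every Java serialization stream: STREAM_MAGIC 0xACED
# followed by STREAM_VERSION 0x0005. Not exploit-specific; any serialized
# Java object starts this way, which is what makes it a useful indicator here.
JAVA_STREAM_HEADER = b"\xac\xed\x00\x05"

# Opening tag attributes and text content of each <serializable> element.
_SERIALIZABLE_RE = re.compile(
    r"<serializable\b([^>]*)>(.*?)</serializable>", re.DOTALL | re.IGNORECASE
)
_XMLNS_RE = re.compile(r'xmlns\s*=\s*["\']([^"\']*)["\']')


def find_serialized_java_payloads(body):
    """Return one finding per <serializable> element whose Base64 content
    decodes to a Java serialization stream. Each finding records the element
    offset, whether it declares the XML-RPC extension namespace, and the
    decoded length. Elements whose content is not a Java stream are ignored."""
    findings = []
    for m in _SERIALIZABLE_RE.finditer(body):
        attrs, content = m.group(1), m.group(2)
        # Base64 is often line-wrapped; drop whitespace before strict decoding.
        compact = "".join(content.split())
        try:
            decoded = base64.b64decode(compact, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if not decoded.startswith(JAVA_STREAM_HEADER):
            continue
        ns = _XMLNS_RE.search(attrs)
        findings.append({
            "offset": m.start(),
            "xmlrpc_extension_ns": bool(ns) and ns.group(1) == XMLRPC_EXT_NS,
            "decoded_length": len(decoded),
        })
    return findings


def build_sample_requests():
    """Constructed sample XML-RPC bodies (not captured traffic). The
    'suspicious' body wraps a fake stream that has only the Java header plus
    filler; the method name 'example.method' is a placeholder."""
    fake_stream = JAVA_STREAM_HEADER + b"constructed-sample-object-bytes"
    suspicious = (
        '<?xml version="1.0"?><methodCall><methodName>example.method</methodName>'
        "<params><param><value>"
        f'<serializable xmlns="{XMLRPC_EXT_NS}">'
        f"{base64.b64encode(fake_stream).decode()}</serializable>"
        "</value></param></params></methodCall>"
    )
    benign = (
        '<?xml version="1.0"?><methodCall><methodName>example.method</methodName>'
        "<params><param><value><string>hello</string></value></param></params></methodCall>"
    )
    # Same element, but the content is ordinary text rather than an object
    # stream: must not trigger, so the check stays tied to the real indicator.
    benign_serializable = (
        f'<serializable xmlns="{XMLRPC_EXT_NS}">'
        + base64.b64encode(b"plain text, not an object stream").decode()
        + "</serializable>"
    )
    return {
        "suspicious": suspicious,
        "benign": benign,
        "benign_serializable": benign_serializable,
    }


if __name__ == "__main__":
    for name, body in build_sample_requests().items():
        print(name, find_serialized_java_payloads(body))
```

Keying on the decoded stream header rather than on the element name alone keeps false positives down: the extension element is a legitimate part of Apache XML-RPC, and only its use to carry an object stream is what a WAF rule or log scan should surface. Such a hit is a detection lead; the mitigation remains disabling or patching the XML-RPC endpoint per the vendor advisory.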

Two days ago Apache published a fix for a new Remote Code Execution vulnerability in Struts2.

Struts2 RCE attacks in the wild

This vulnerability allows an attacker to execute arbitrary Java code on the application server. We can confirm that we caught the first exploit for this vulnerability in the wild. And this is crazy. Like previous OGNL exploits, this one is also based on OGNL macros to construct and call a shell command via a sequence of…