Home > Knowledge Centre > CVE

THREAT ADVISORY: Zero-Day Vulnerabilities Detected on WinRAR

  • Quickheal / 2 years
  • 0
  • 5 min read

Zero-day vulnerabilities represent an imminent threat to cybersecurity, and in this case, two such vulnerabilities, CVE-2023-38831 and CVE-2023-40477, have been identified in the widely utilized WinRAR software. These vulnerabilities pose a grave concern due to their potential for remote code execution, presenting a severe threat risk.  WinRAR is a popular compression tool with half a […]

An in-depth analysis of a new, emerging “.url” malware campaign – by Quick Heal Security Labs

  • Pradeep Kulkarni / 8 years
  • 0
  • 7 min read

Last week, we had blogged about the emergence of a new attack vector ‘.url’ which is used to spread malware. In this blog post, we will deep-dive into the attack chain of this ‘.url’ vector and elaborate on the Quant Loader malware which is actively making use of it. Let’s take a look at the […]

Chinese, Russian hackers counting on Apache Struts vulnerabilities – a report by Quick Heal Security Labs

  • Sameer Patil / 8 years
  • 2
  • 5 min read

Apache Struts is an open-source CMS based on MVC framework for developing Java EE Web Applications. Apache Struts has been widely used by many Fortune 100 companies and government agencies over the years for developing web applications. But, websites built using a CMS constantly need to upgrade the CMS versions in their web application servers, because vulnerabilities in the CMS framework directly […]

CVE-2017-9805 | Apache Struts 2 Remote Code Execution Vulnerability – An analysis by Quick Heal Security Labs

  • Pradeep Kulkarni / 8 years
  • 0
  • 2 min read

A critical remote code execution vulnerability has been discovered in the popular web application framework Apache Struts, which allows attackers to execute an arbitrary code. To address this issue, Apache Struts has issued a security advisory and CVE-2017-9805 has been assigned to it. The attacker may use this vulnerability to target organizations across the globe. […]

CVE-2017-5638 – Apache Struts 2 Remote Code Execution Vulnerability

  • Pradeep Kulkarni / 9 years
  • 0
  • 2 min read

The well-known open source web application framework Apache Struts 2 is being actively exploited in the wild allowing hackers to launch a remote code execution attack.  To address this issue, Apache has issued a security advisory and CVE-2017-5638 has been assigned to it. The zero-day bug has been rated with the highest severity rating ‘High’. […]

New Common Vulnerabilities and Exposure (CVE) in Spammer’s toolkit

  • Sakshat Karkare / 10 years
  • 0
  • 2 min read

The Quick Heal Malware Intelligence Reporting System has made a recent observation about a CVE (Common Vulnerabilities and Exposures) known as CVE-2015-2545 being actively used in an online spam campaign. The campaign begins with targeted users receiving a spam email with an attached malicious document. Below are some common attachment names used in this spam […]