Safeguard
Tag

rce

Safeguard articles tagged "rce" — guides, analysis, and best practices for software supply chain and application security.

80 articles

Vulnerability Analysis

Apache Struts CVE-2023-50164: Critical File Upload RCE Echoes Equifax-Era Nightmares

A critical path traversal vulnerability in Apache Struts allowed RCE through file upload manipulation. The disclosure triggered flashbacks to the 2017 Equifax breach caused by a similar Struts flaw.

Dec 7, 20236 min read
Application Security

Deserialization Attacks in Java and Python

Insecure deserialization turns data parsing into code execution. This guide covers deserialization attacks in Java and Python, the gadget chain concept, and practical defenses for both ecosystems.

Dec 5, 20236 min read
Vulnerability Analysis

PaperCut CVE-2023-27350: When Print Management Software Becomes a Ransomware Gateway

CVE-2023-27350 in PaperCut NG/MF allowed unauthenticated RCE through the print management server. Cl0p and LockBit ransomware groups jumped on it within days.

Apr 19, 20236 min read
Vulnerability Analysis

GitLab Critical RCE (CVE-2022-2884): Remote Code Execution via GitHub Import

A critical vulnerability in GitLab's GitHub import feature allowed authenticated attackers to execute arbitrary code on the server. The flaw highlighted risks in platform migration features.

Aug 22, 20226 min read
Vulnerability Analysis

VMware Workspace ONE CVE-2022-22954: Server-Side Template Injection Goes Enterprise

CVE-2022-22954 in VMware Workspace ONE Access allowed unauthenticated RCE via server-side template injection. Attackers used it to deploy cryptominers and backdoors.

Apr 6, 20226 min read
Vulnerability Analysis

Spring4Shell (CVE-2022-22965): Remote Code Execution in Spring Framework

A critical RCE in Spring Framework sent Java teams scrambling. While less catastrophic than Log4Shell, Spring4Shell exposed dangerous assumptions about ClassLoader access in Java web applications.

Mar 31, 20225 min read
Vulnerability Analysis

Apache HTTP Server CVE-2021-41773: A Path Traversal Bug That Should Have Been Caught in Code Review

CVE-2021-41773 allowed path traversal and RCE on Apache HTTP Server 2.4.49. The fix was incomplete, leading to CVE-2021-42013 days later. A lesson in patching under pressure.

Oct 12, 20216 min read
Vulnerability Analysis

ProxyShell: The Microsoft Exchange Exploit Chain That Wouldn't Stop

ProxyShell chained three Exchange vulnerabilities for unauthenticated remote code execution. Months after patches were available, thousands of servers remained exposed.

Aug 12, 20217 min read
rce (Page 7) — Safeguard Blog