Aggregator

A vulnerability was found in GL.iNet MT3000 4.1.0 Release 2. It has been declared as critical. Affected by this vulnerability is an unknown functionality in the library /usr/lib/oui-httpd/rpc/logread. The manipulation leads to os command injection. This vulnerability is known as CVE-2023-29778. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in francoisjacquet RosarioSIS 10.8.4. It has been classified as problematic. This affects an unknown part of the component Periods Module. The manipulation leads to csv injection. This vulnerability is uniquely identified as CVE-2023-29918. Access to the local network is required for this attack to succeed. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Apple iOS up to 11.3.1. This vulnerability affects unknown code of the component WebKit. The manipulation leads to race condition. This vulnerability was named CVE-2018-4192. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

John Paul Richard Inc and Jaya Apparel Group, LLC Have Fallen Victim to Cactus Ransomware

A vulnerability was found in HP PC. It has been rated as problematic. Affected by this issue is some unknown functionality of the component BIOS. The manipulation leads to an unknown weakness. This vulnerability is handled as CVE-2022-31643. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Obsidian Canvas 1.1.9. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to incorrect default permissions. This vulnerability is handled as CVE-2023-27035. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in OpenText BizManager up to 16.6.0.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to weak password recovery. This vulnerability is known as CVE-2022-35898. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in KaiOS 3.0. It has been declared as problematic. This vulnerability affects unknown code of the component Communications Application. The manipulation leads to information disclosure. This vulnerability was named CVE-2023-27108. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Antabot White-Jotter 0.2.2. Affected by this issue is the function coversUpload. The manipulation of the argument file leads to unrestricted upload. This vulnerability is handled as CVE-2023-29635. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in 3CX Phone System 6.0.806.0/15.5.3554.1/16.0.0.1570. Affected by this vulnerability is an unknown functionality of the file /Electron/download of the component Drive Letter Handler. The manipulation leads to path traversal. This vulnerability is known as CVE-2022-48483. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Новое исследование объясняет механизм устойчивости тяжелых элементов.

A vulnerability was found in Microsoft IIS 5.0/5.1 and classified as critical. Affected by this issue is some unknown functionality of the component WebDAV. The manipulation as part of XML leads to denial of service. This vulnerability is handled as CVE-2003-0226. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in PHPFox 3.7.3/3.7.4/3.7.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument val[item_id] leads to improper access controls. This vulnerability is known as CVE-2013-7196. The attack can be launched remotely. Furthermore, there is an exploit available.

via the comic humor & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Humidifier Review’ appeared first on Security Boulevard.

​The New York Blood Center (NYBC), one of the world's largest independent blood collection and distribution organizations, says a Sunday ransomware attack forced it to reschedule some appointments. [...]

Новый метод генерации поляритонов может перевернуть представления об интегральной оптике.

For NSX customers and partners who are Star Trek fans, VMware getting absorbed into the huge Broadcom product line might remind them of the Borg collective: “Resistance is Futile!” I lived through similar events when I was at IronPort, and we got purchased by Cisco. We were able to keep interest in the email security […]

The post Did the Broadcom Acquisition of VMware Leave You Feeling High-and-Dry? appeared first on ColorTokens.

The post Did the Broadcom Acquisition of VMware Leave You Feeling High-and-Dry? appeared first on Security Boulevard.

A groundbreaking technique for Kerberos relaying over HTTP, leveraging multicast poisoning, has been recently detailed by cybersecurity researchers. Introduced by James Forshaw and further developed using the Responder and krbrelayx tools, this approach exploits local name resolution protocols like LLMNR (Link-Local Multicast Name Resolution) to achieve pre-authenticated Kerberos relay attacks. This method provides a fresh […]

The post Hackers Exploiting DNS Poisoning to Compromise Active Directory Environments appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.