Headline

CVE-2023-28461

Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated “a new Array AG release with the fix will be available soon.”

1 year ago

CVE

Open in Source

#rce #pdf #auth #ssl

%PDF-1.7 4 0 obj << /BitsPerComponent 8 /ColorSpace /DeviceGray /Filter /FlateDecode /Height 970 /Length 44247 /Subtype /Image /Type /XObject /Width 3249 >> stream x��q��:��H�$ ��$T��J@� ��ݥt�ff��s�,�͓L&��J]�*��E�5��P��Wb�*_�+��B`P��#�@�C$��Qs��F�!X�h��H`P�� ,j4��B`P�n�5��b$��Q#�@��˼��4� ,j4��B`PPs��F�!XԨ��H`P�� ,j��c$��Q�� -&��d}?�Q��4� ,j4ky��O�Q�%�H`P�ģ" ,ܝ�y%��,�<��H`P�� ,��<*�� ,j4��H�!3��6��]#�@��!X�h��BM#�@��{$��S��Wb@�@�,�E`P-�j��KUz��Z�"��^`�P�XbUg�Zu�"��b`�ФX��,�E`P-��r�I1�t4XT�D`P��V��Z�"��b`�4XTkG`P-�j)�6�&�jXTK1�hR,]M=�@�,��X�4)�>�&�j]��-��N/��,�E`P-��H3��,��4K@�@��@�b`�h"��b`�ФXbM=�@�4K@�f`i("��Y1�(�K@�@�4�%��V1��XTK3��K��Z��"��M1�(�G�PE`P��b`�P�)��Z’��ɑT��R ,�zTG�PE`P-��ɑTXT�W,��4'G�F��T�^��r�־=tݥ�5��N��;cu��4��C�ۺ��݇u"�lVӞ.��۵;��Z��’Xkj؜��<��U��ؚ��r��kõ[��]5��ڝ��VA�~�e��99��p� s�S��a��P��z,q?W�Т�a99��,6B�47dX��V��ZyU��a��]GZA�ʗW�w��~�#틑�܄کu�ɑn�K��X5�pr$��D)r��T��G��H��C"W��

Japanese organizations are the target of a Chinese nation-state threat actor that leverages malware families like LODEINFO and NOOPDOOR to harvest sensitive information from compromised hosts while stealthily remaining under the radar in some cases for a time period ranging from two to three years. Israeli cybersecurity company Cybereason is tracking the campaign under the name Cuckoo Spear,

3 months ago

The Hacker News

Open in Source

#intel #backdoor #The Hacker News