Tag
#auth
Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address.
The vulnerability in the device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing the attacker to gain root access.
Ubuntu Security Notice 6513-1 - It was discovered that Python incorrectly handled certain plist files. If a user or an automated system were tricked into processing a specially crafted plist file, an attacker could possibly use this issue to consume resources, resulting in a denial of service. It was discovered that Python instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake. An attacker could possibly use this issue to cause applications to treat unauthenticated received data before TLS handshake as authenticated data after TLS handshake.
CE Phoenix version 1.0.8.20 suffers from a persistent cross site scripting vulnerability.
PyroCMS version 3.0.1 suffers from a persistent cross site scripting vulnerability.
CSZ CMS version 1.3.0 suffers from a remote shell upload vulnerability.
An unspecified government entity in Afghanistan was targeted by a previously undocumented web shell called HrServ in what’s suspected to be an advanced persistent threat (APT) attack. The web shell, a dynamic-link library (DLL) named “hrserv.dll,” exhibits “sophisticated features such as custom encoding methods for client communication and in-memory execution,” Kaspersky security researcher Mert
The maintainers of the open-source file-sharing software ownCloud have warned of three critical security flaws that could be exploited to disclose sensitive information and modify files. A brief description of the vulnerabilities is as follows - Disclosure of sensitive credentials and configuration in containerized deployments impacting graphapi versions from 0.2.0 to 0.3.0. (CVSS score: 10.0)
By Waqas SiegedSec is the group responsible for the data breach at the Idaho National Laboratory (INL). This is a post from HackRead.com Read the original post: Hackers Leak Thousands of Idaho National Lab Employees’ PII Data
Researchers have found several weaknesses in the fingerprint authentication for Windows Hello on popular laptops.