#c++

The Backup Operators is a Windows built-in group. Users which are part of this group have permissions to perform backup and restore operations. More specifically,… Continue reading → Domain Escalation – Backup Operator

Ubuntu Security Notice 6590-1 - It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. It was discovered that Xerces-C++ was not properly performing bounds checks when processing XML Schema Definition files, which could lead to an out-of-bounds access via an HTTP request. If a user or automated system were tricked into processing a specially crafted XSD file, a remote attacker could possibly use this issue to cause a denial of service.

Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers  Drivers have long been of interest to threat actors, whether they are exploiting vulnerable drivers or creating malicious ones. Malicious drivers are difficult to detect and successfully leveraging one can give an attacker full access to a

Gentoo Linux Security Advisory 202401-24 - Multiple denial of service vulnerabilities have been discovered in Nettle. Versions greater than or equal to 3.9.1 are affected.

Ubuntu Security Notice 6579-2 - USN-6579-1 fixed a vulnerability in Xerces-C++. This update provides the corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04 and Ubuntu 23.10. It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

Debian Linux Security Advisory 5598-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service, or information disclosure.

Ubuntu Security Notice 6579-1 - It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

Backdoor.Win32 Carbanak (Anunak) malware creates 8 named pipes used for C2 and interprocess communications and grants RW access to the Everyone user group.

Gentoo Linux Security Advisory 202401-7 - A vulnerability was found in R which could allow for remote code execution. Versions greater than or equal to 4.0.4 are affected.

Debian Linux Security Advisory 5596-1 - Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.