#windows

Plantronics Hub version 3.25.1 suffers from an arbitrary file read vulnerability.

Backdoor.Win32.AsyncRat malware suffers from a code execution vulnerability.

Prison Management System Using PHP suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Google has released security patches for two vulnerabilities. Make sure you're using the latest version.

By Waqas Kaspersky's Global Research and Analysis Team (GReAT) has released its latest quarterly report (Q1 2024) on the advanced persistent threat (APT) activity, highlighting several key trends in the threat and risk environment. This is a post from HackRead.com Read the original post: Kaspersky Reveals Global Rise in APTs, Hacktivism and Targeted Attacks

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.0 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: Multiple FA Engineering Software Products Vulnerabilities: Improper Privilege Management, Uncontrolled Resource Consumption, Out-of-bounds Write, Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow a local attacker to cause a Windows blue screen error that results in a denial-of-service condition and/or to gain Windows system privileges and execute arbitrary commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports the following versions of FA Engineering Software Products are affected: CPU Module Logging Configuration Tool: All versions CSGL (GX Works2 connection configuration): All versions CW Configurator: All versions Data Transfer: All versions Data Transfer Classic: All versions EZSocket (communication middleware product for Mitsubishi Electric partner companies): All versions FR Configura...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: low attack complexity Vendor: Johnson Controls Equipment: Software House C●CURE 9000 Vulnerability: Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to access credentials used for access to the application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Johnson Controls reports that the following versions of Software House C●CURE 9000, a security management system, are affected: Software House C●CURE 9000: v3.00.2 3.2 Vulnerability Overview 3.2.1 Insertion of Sensitive Information into Log File CWE-532 Under certain circumstances the Microsoft Internet Information Server (IIS) used to host the C●CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C●CURE 9000 or prior versions. CVE-2024-0912 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.7 has been calcul...

**According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?** To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.