#windows

One of Microsoft's Patch Tuesday fixes has flipped from "Likely to be Exploited" to “Exploitation Detected”.

By Deeba Ahmed TicTacToe Dropper Obfuscates Code for Maximum Damage. This is a post from HackRead.com Read the original post: New TicTacToe Dropper Steals Data, Spreads Multiple Threats on Windows

This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and functionality implementation.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC NMS Vulnerabilities: Out-of-bounds Read, Inadequate Encryption Strength, Double Free, Use After Free, NULL Pointer Dereference, Improper Input Validation, Missing Encryption of Sensitive Data, Allocation of Resources Without Limits or Throttling, Improper Authentication, Inefficient Regular Expression Complexity, Excessive Iteration, HTTP Request/Response Smuggling, Injection, Path Traversal, Race Condition, Improper Certificate Validation, Off-by-one Error, Missing Authorization, Use of Insufficiently Random Values, Buffer Underflow, Incorrect Per...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: Unicam FX Vulnerability: Incorrect Use of Privileged APIs 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain SYSTEM privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: Unicam FX: All versions 3.2 Vulnerability Overview 3.2.1 INCORRECT USE OF PRIVILEGED APIS CWE-648 The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an a...

Adapt CMS version 3.0.3 suffers from persistent cross site scripting and remote shell upload vulnerabilities.

Microsoft has issued patches for 73 security vulnerabilities in its February 2024 Patch Tuesday.

Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation. Of the 73 vulnerabilities, 5 are rated Critical, 65 are rated Important, and three and rated Moderate in severity. This is in addition to 24 flaws that have been fixed

Microsoft Corp. today pushed software updates to plug more than 70 security holes in its Windows operating systems and related products, including two zero-day vulnerabilities that are already being exploited in active attacks.

XoopsCore25 version 2.5.11 suffers from a cross site scripting vulnerability.