Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Zoo Management System 1.0 Shell Upload

Zoo Management System version 1.0 suffers from a remote shell upload vulnerability. This version originally had a shell upload vulnerability discovered by D4rkP0w4r that leveraged the upload CV flow but this particular finding leverages the save_animal flow.

Packet Storm
Open in Source
#sql#vulnerability#web#windows#apple#google#php#rce#auth#chrome#webkit
2023 Mount Carmel School 6.4.1 Cross Site Scripting

2023 Mount Carmel School version 6.4.1 suffers from a cross site scripting vulnerability.

Microsoft Windows Kernel Race Condition / Memory Corruption

The Microsoft Windows Kernel passes user-mode pointers to registry callbacks, leading to race conditions and memory corruption.

Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign

Pro-Russian hacking groups have exploited a recently disclosed security vulnerability in the WinRAR archiving utility as part of a phishing campaign designed to harvest credentials from compromised systems. "The attack involves the use of malicious archive files that exploit the recently discovered vulnerability affecting the WinRAR compression software versions prior to 6.23 and traced as

The forgotten malvertising campaign

Categories: Threat Intelligence Tags: malvertising Tags: ads Tags: notepad Tags: hta Tags: malware Tags: google A sophisticated threat actor has been using Google ads to deliver custom malware payloads to victims for months while flying under the radar. (Read more...) The post The forgotten malvertising campaign appeared first on Malwarebytes Labs.

Congratulations to the Top MSRC 2023 Q3 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q3 Security Researcher Leaderboard are Wei, VictorV, and Anonymous! Check out the full list of researchers recognized this quarter here.

A week in security (October 9 - October 15)

Categories: News A list of topics we covered in the week of October 9 to October 15 of 2023 (Read more...) The post A week in security (October 9 - October 15) appeared first on Malwarebytes Labs.

CVE-2023-45176: IBM App Connect Enterprise and IBM Integration Bus denial of service CVE-2023-45176 Vulnerability Report

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998.

Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication

Microsoft has announced that it plans to eliminate NT LAN Manager (NTLM) in Windows 11 in the future, as it pivots to alternative methods for authentication and bolster security. "The focus is on strengthening the Kerberos authentication protocol, which has been the default since 2000, and reducing reliance on NT LAN Manager (NTLM)," the tech giant said. "New features for Windows 11 include

CVE-2023-45853: Minizip: Zip and UnZip additionnal library

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.