Tag
#windows
InterPhoto version 2.3.0 suffers from a remote shell upload vulnerability.
Three additional malicious Python packages have been discovered in the Package Index (PyPI) repository as part of an ongoing malicious software supply chain campaign called VMConnect, with signs pointing to the involvement of North Korean state-sponsored threat actors. The findings come from ReversingLabs, which detected the packages tablediter, request-plus, and requestspro. First disclosed at
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Kepware KepServerEX Vulnerabilities: Uncontrolled Search Path Element, Improper Input Validation, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain elevated privileges, execute arbitrary code, and obtain server hashes and credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Kepware KepServerEX, an industrial automation control platform, are affected: Kepware KepServerEX: version 6.14.263.0 and prior ThingWorx Kepware Server: version 6.14.263.0 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427 The installer application of KEPServerEX is vulnerable to DLL search order hijacking. This could allow an adversary to repackage the installer with a malicious DLL and trick users into installing the trojanized software. Successful...
1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely Vendor: Digi International, Inc. Equipment: Digi RealPort Protocol Vulnerability: Use of Password Hash Instead of Password for Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the attacker to access connected equipment. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Digi International reports that the following products using Digi RealPort Protocol are affected: Digi RealPort for Windows: version 4.8.488.0 and earlier Digi RealPort for Linux: version 1.9-40 and earlier Digi ConnectPort TS 8/16: versions prior to 2.26.2.4 Digi Passport Console Server: all versions Digi ConnectPort LTS 8/16/32: versions prior to 1.4.9 Digi CM Console Server: all versions Digi PortServer TS: all versions Digi PortServer TS MEI: all versions Digi PortServer TS MEI Hardened: all versions Digi PortServer TS M MEI: all versions Digi PortServer TS P MEI: all versions Digi One IAP Family: a...
Plus: Mozilla patches more than a dozen vulnerabilities in Firefox, and enterprise companies Ivanti, Cisco, and SAP roll out a slew of updates to get rid of some high-severity bugs.
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor with man-in-the-middle (MITM) network positioning between vCenter server and the virtual machine may be able to bypass SAML token signature verification, to perform VMware Tools Guest Operations.
A hacking outfit nicknamed Earth Estries has been attributed to a new, ongoing cyber espionage campaign targeting government and technology industries based in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the U.S. "The threat actors behind Earth Estries are working with high-level resources and functioning with sophisticated skills and experience in cyber espionage and illicit
Categories: News Categories: Ransomware Tags: Qakbot Tags: FBI Tags: law enforcement Tags: takedown Tags: removal tool Tags: HIBP Tags: Spamhaus The Qakbot botnet has suffered a major setback after its infrastructure was heavily disrupted by US and European law enforcement agencies. (Read more...) The post Qakbot botnet infrastructure suffers major takedown appeared first on Malwarebytes Labs.
Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities.
In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15.3, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. The vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine.