Tag

#windows

CVE-2023-34936: vuln/H3C_B1STW/CVE-2023-34936.md at main · h4kuy4/vuln

A stack overflow in the UpdateMacClone function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVE-2023-20178: Cisco Security Advisory: Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability

A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.

CVE-2023-34931: vuln/H3C_B1STW/CVE-2023-34931.md at main · h4kuy4/vuln

A stack overflow in the EditWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVE-2023-34930: vuln/H3C_B1STW/CVE-2023-34930.md at main · h4kuy4/vuln

A stack overflow in the EditMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVE-2023-34928: vuln/H3C_B1STW/CVE-2023-34928.md at main · h4kuy4/vuln

A stack overflow in the Edit_BasicSSID function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVE-2023-34932: vuln/H3C_B1STW/CVE-2023-34932.md at main · h4kuy4/vuln

A stack overflow in the UpdateWanMode function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVE-2023-34929: vuln/H3C_B1STW/CVE-2023-34929.md at main · h4kuy4/vuln

A stack overflow in the AddMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Alumni Club Management Tools 2.2.7 SQL Injection

Alumni Club Management Tools version 2.2.7 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Newly Surfaced ThirdEye Infostealer Targeting Windows Devices

By Waqas. For now, ThirdEye infostealer has demonstrated behavior that is highly malicious, albeit not-so-sophisticated in its patterns. This is a post from HackRead.com.

8Base Ransomware Spikes in Activity, Threatens U.S. and Brazilian Businesses

A ransomware threat called 8Base that has been operating under the radar for over a year has been attributed to a "massive spike in activity" in May and June 2023. "The group utilizes encryption paired with 'name-and-shame' techniques to compel their victims to pay their ransoms," VMware Carbon Black researchers Deborah Snyder and Fae Carlisle said in a report shared with The Hacker News. "8Base