#windows

Microsoft's HVCIScan binary suffers from a dll hijacking vulnerability.

Anuranan SBAdmin version 2 appears to leave default credentials installed after installation.

1. EXECUTIVE SUMMARY ​CVSS v3 8.3 ​ATTENTION: Exploitable via adjacent network ​Vendor: Sensormatic Electronics, a subsidiary of Johnson Controls, Inc. ​Equipment: Illustra Pro Gen 4 ​Vulnerability: Active Debug Code 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to compromise device credentials over a long period of sustained attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following versions of Sensormatic Electronics Illustra Pro Gen 4 are affected: ​Pro Gen 4 Dome: Up to and including Illustra.SS016.05.09.04.0006 ​Pro Gen 4 PTZ: Up to and including Illustra.SS010.05.09.04.0022 3.2 VULNERABILITY OVERVIEW 3.2.1 ACTIVE DEBUG CODE CWE-489  ​Sensormatic Electronics Illustra Pro Gen 4 contains a debug feature that is incorrectly set to enabled on newly manufactured cameras. Under some circumstances, over a long period of sustained attack, this could allow compromise of device credentials. ​CVE-2023-0954 has been assigned to this vulnerabi...

Categories: Exploits and vulnerabilities Categories: News Tags: Google Tags: Chrome Tags: V8 Tags: heap corruption Tags: type confusion Tags: CVE-2023-3079 Google has released a Chrome update for a zero-day for which an exploit is actively being used in the wild. (Read more...) The post Update Chrome now! Google patches actively exploited zero-day appeared first on Malwarebytes Labs.

TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg.

xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecode#decode.

RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 1 of 2).

A vulnerability classified as critical has been found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\posts\view_post.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231021 was assigned to this vulnerability.

A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0 and classified as critical. This issue affects some unknown processing of the file admin\posts\manage_post.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231017 was assigned to this vulnerability.

A vulnerability, which was classified as critical, was found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\categories\manage_category.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231015.