Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Adult Video Script 3.0 File Inclusion

Adult Video Script version 3.0 suffers from local and remote file inclusion vulnerabilities.

Packet Storm
Open in Source
#vulnerability#web#windows#google#php#auth#firefox
Adiscon LogAnalyzer 4.1.5 Cross Site Scripting

Adiscon LogAnalyzer version 4.1.5 suffers from a cross site scripting vulnerability.

Adapt Inventory Management System 1.0.0 SQL Injection

Adapt Inventory Management System version 1.0.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Active Newspaper 2.0 HTML Injection

Active Newspaper version 2.0 suffers from an html injection vulnerability.

CVE-2023-28065: DSA-2023-146: Dell Command | Update, Dell Update, and Alienware Update Security Update for a Privilege Escalation Vulnerability

Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.

CVE-2023-28071: DSA-2023-170: Dell Command | Update, Dell Update, and Alienware Update Security Update for an Insecure Operation on Windows Junction / Mount Point vulnerability

Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).

Powerful JavaScript Dropper PindOS Distributes Bumblebee and IcedID Malware

A new strain of JavaScript dropper has been observed delivering next-stage payloads like Bumblebee and IcedID. Cybersecurity firm Deep Instinct is tracking the malware as PindOS, which contains the name in its "User-Agent" string. Both Bumblebee and IcedID serve as loaders, acting as a vector for other malware on compromised hosts, including ransomware. A recent report from Proofpoint

NSA Releases Guide to Combat Powerful BlackLotus Bootkit Targeting Windows Systems

The U.S. National Security Agency (NSA) on Thursday released guidance to help organizations detect and prevent infections of a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus. To that end, the agency is recommending that "infrastructure owners take action by hardening user executable policies and monitoring the integrity of the boot partition." BlackLotus is an advanced

New Cryptocurrency Mining Campaign Targets Linux Systems and IoT Devices

Internet-facing Linux systems and Internet of Things (IoT) devices are being targeted as part of a new campaign designed to illicitly mine cryptocurrency. "The threat actors behind the attack use a backdoor that deploys a wide array of tools and components such as rootkits and an IRC bot to steal device resources for mining operations," Microsoft threat intelligence researcher Rotem Sde-Or said.