Tag
#windows
Details have emerged about a now-patched actively exploited security flaw in Microsoft Windows that could be abused by a threat actor to gain elevated privileges on affected systems. The vulnerability, tracked as CVE-2023-29336, is rated 7.8 for severity and concerns an elevation of privilege bug in the Win32k component. "An attacker who successfully exploited this vulnerability could gain
Delta Electronics InfraSuite Device Master versions below 1.0.5 have an unauthenticated .NET deserialization vulnerability within the ParseUDPPacket() method of the Device-Gateway-Status process. The ParseUDPPacket() method reads user-controlled packet data and eventually calls BinaryFormatter.Deserialize() on what it determines to be the packet header without appropriate validation, leading to unauthenticated code execution as the user running the Device-Gateway-Status process.
MVC Shop version 0.5 suffers from a cross site scripting vulnerability.
NETXPERTS CMS version 0.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Microsoft's HVCIScan binary suffers from a dll hijacking vulnerability.
Anuranan SBAdmin version 2 appears to leave default credentials installed after installation.
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable via adjacent network Vendor: Sensormatic Electronics, a subsidiary of Johnson Controls, Inc. Equipment: Illustra Pro Gen 4 Vulnerability: Active Debug Code 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to compromise device credentials over a long period of sustained attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Sensormatic Electronics Illustra Pro Gen 4 are affected: Pro Gen 4 Dome: Up to and including Illustra.SS016.05.09.04.0006 Pro Gen 4 PTZ: Up to and including Illustra.SS010.05.09.04.0022 3.2 VULNERABILITY OVERVIEW 3.2.1 ACTIVE DEBUG CODE CWE-489 Sensormatic Electronics Illustra Pro Gen 4 contains a debug feature that is incorrectly set to enabled on newly manufactured cameras. Under some circumstances, over a long period of sustained attack, this could allow compromise of device credentials. CVE-2023-0954 has been assigned to this vulnerabi...
Categories: Exploits and vulnerabilities Categories: News Tags: Google Tags: Chrome Tags: V8 Tags: heap corruption Tags: type confusion Tags: CVE-2023-3079 Google has released a Chrome update for a zero-day for which an exploit is actively being used in the wild. (Read more...) The post Update Chrome now! Google patches actively exploited zero-day appeared first on Malwarebytes Labs.
TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the staticGw parameter at /setting/setWanIeCfg.
xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecode#decode.