Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Microsoft GamingServicesNet 12.77.3001.0 Unquoted Service Path

Microsoft GamingServicesNet version 12.77.3001.0 suffers from an unquoted service path vulnerability.

Packet Storm
#vulnerability#windows#microsoft#auth#sap
Apple Zeed ALL YOUR STYLE CMS 2.0 SQL Injection

Apple Zeed ALL YOUR STYLE CMS version 2.0 suffers from a remote SQL injection vulnerability.

Vaskar Courier 3.2.0 Insecure Settings

Vaskar Courier version 3.2.0 appears to leave default credentials installed after installation.

Critical Firmware Backdoor in Gigabyte Systems Exposes ~7 Million Devices

Cybersecurity researchers have found "backdoor-like behavior" within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format. Firmware security firm Eclypsium said it first detected the anomaly in April 2023. Gigabyte has since acknowledged and addressed the issue. "Most Gigabyte firmware includes a Windows

Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor

Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say.

CVE-2023-3008: webray.com.cn/sql_inject.md at main · Xor-Gerke/webray.com.cn

A vulnerability classified as critical has been found in ningzichun Student Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument user/pass leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230355.

CVE-2023-3007: webray.com.cn/password_reset.md at main · Xor-Gerke/webray.com.cn

A vulnerability was found in ningzichun Student Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file resetPassword.php of the component Password Reset Handler. The manipulation of the argument sid leads to weak password recovery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230354 is the identifier assigned to this vulnerability.

CISA issues warning to US businesses: Beware of China's state-sponsored cyber actor

Categories: Business US businesses: watch out for Volt Typhoon, a threat actor sponsored by the People’s Republic of China (PRC). (Read more...) The post CISA issues warning to US businesses: Beware of China's state-sponsored cyber actor appeared first on Malwarebytes Labs.

CVE-2023-28353: Technical Advisory – Multiple Vulnerabilities in Faronics Insight (CVE-2023-28344, CVE-2023-28345, CVE-2023-28346, CVE-2023-28347, CVE-2023-28348, CVE-2023-28349, CVE-2023-28350, CVE-2023-28351, CVE-2

An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to chain this vulnerability with others to cause a deployed DLL file to immediately execute as NT AUTHORITY/SYSTEM.

CVE-2023-2939

Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)