Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Car Dealer Pro 2.01 Backdoor Account

Car Dealer Pro version 2.01 has been reported as having a default backdoor account.

Packet Storm
Open in Source
#vulnerability#windows#google#backdoor#auth#firefox
Botble 5.28.3 Backdoor Account

Botble version 5.28.3 has been reported as having a default backdoor account.

Active Ecommerce CMS 6.4.0 Backdoor Account

Active Ecommerce CMS version 6.4.0 has been reported as having a default backdoor account.

CVE-2022-36664: Password Manger for IIS * User Manual * Version 1.0

Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerability via the /isapi/PasswordManager.dll ResultURL parameter.

CVE-2019-19705: Realtek Audio Driver Vulnerability - Lenovo Support US

Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading.

GuLoader Malware Utilizing New Techniques to Evade Security Software

Cybersecurity researchers have exposed a wide variety of techniques adopted by an advanced malware downloader called GuLoader to evade security software. "New shellcode anti-analysis technique attempts to thwart researchers and hostile environments by scanning entire process memory for any virtual machine (VM)-related strings," CrowdStrike researchers Sarang Sonawane and Donato Onofri said in a

2022 Top Five Immediate Threats in Geopolitical Context

As we are nearing the end of 2022, looking at the most concerning threats of this turbulent year in terms of testing numbers offers a threat-based perspective on what triggers cybersecurity teams to check how vulnerable they are to specific threats. These are the threats that were most tested to validate resilience with the Cymulate security posture management platform between January 1st and

A week in security (December 19 - 25)

Categories: News Tags: security vulnerabilities Tags: cryptocurrency Tags: lock and code Tags: SevenRooms Tags: adult popunder Tags: ad fraud Tags: AV-TEST Tags: Gemini Tags: cryptocurrency Tags: Play ransomware Tags: ransomware Tags: blocking IP addresses Tags: BEC scam Tags: BEC Tags: Bricklink Tags: Lego Tags: Netflix Tags: Disney+ Tags: password sharing Tags: The Guardian Tags: ransomware attack Tags: Godfather malware Tags: Godfather Tags: Android banking malware The most interesting security related news from the week of December 19 to 25. (Read more...) The post A week in security (December 19 - 25) appeared first on Malwarebytes Labs.

CVE-2022-44017: Multiple Critical Vulnerabilities in Simmeth System GmbH Supplier Manager (Lieferantenmanager)

An issue was discovered in Simmeth Lieferantenmanager before 5.6. Due to errors in session management, an attacker can log back into a victim's account after the victim logged out - /LMS/LM/#main can be used for this. This is due to the credentials not being cleaned from the local storage after logout.

CVE-2022-45892: Multiple critical vulnerabilities in Planet Enterprises Ltd - Planet eStream

In Planet eStream before 6.72.10.07, multiple Stored Cross-Site Scripting (XSS) vulnerabilities exist: Disclaimer, Search Function, Comments, Batch editing tool, Content Creation, Related Media, Create new user, and Change Username.