Security
Headlines
HeadlinesLatestCVEs

Tag

#acer

CVE-2023-3545: Security issues - Chamilo LMS

Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of `.htaccess` file. This vulnerability may be exploited by privileged attackers or chained with unauthenticated arbitrary file write vulnerabilities, such as CVE-2023-3533, to achieve remote code execution.

CVE
Open in Source
#sql#xss#csrf#vulnerability#web#mac#windows#apple#google#apache#js#git#java#wordpress#php#rce#perl#ssrf#pdf#acer#auth#ssh#ibm#sap
CVE-2023-48034: GitHub - aprkr/CVE-2023-48034: Weak encryption in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject wireless arbitrary keystrokes.

An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption.

CVE-2023-40194: TALOS-2023-1833 || Cisco Talos Intelligence Group

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

It's Time to Log Off

There’s a devastating amount of heavy news these days. Psychology experts say you need to know your limits—and when to put down the phone.

CVE-2023-41570: CVE-2023-41570: Access Control vulnerability in MikroTik REST API

MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API.

Ubuntu Security Notice USN-6478-1

Ubuntu Security Notice 6478-1 - It was discovered that Traceroute did not properly parse command line arguments. An attacker could possibly use this issue to execute arbitrary commands.

The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story

Netflix, Spotify, Twitter, PayPal, Slack. All down for millions of people. How a group of teen friends plunged into an underworld of cybercrime and broke the internet—then went to work for the FBI.

Signal Is Finally Testing Usernames

Plus: A DDoS attack shuts down ChatGPT, Lockbit shuts down a bank, and a communications breakdown between politicians and Big Tech.

Threat Roundup for November 3 to November 10

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 3 and Nov. 10. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

Sandworm Hackers Caused Another Blackout in Ukraine—During a Missile Strike

Russia's most notorious military hackers successfully sabotaged Ukraine's power grid for the third time last year. And in this case, the blackout coincided with a physical attack.