#auth

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: Electrical discharge machines Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose, tamper with, destroy or delete information in the products, or cause a denial-of-service condition on the products. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports that the following electrical discharge machines are affected by this vulnerability in Microsoft Message Queuing service: Wire-cut EDM MV Series MV1200S D-CUBES Series Standard system BRD-B60W000-**: all versions Wire-cut EDM MV Series MV2400S D-CUBES Series Standard system BRD-B60W000-**: all versions Wire-cut EDM MV Series MV4800S D-CUBES Series Standard system BRD-B60W000-**: all versions Wire-cut EDM MV Series MV1200R D-CUBES Series Standard system BRD-B60W000-**: all versions Wire-c...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Commend Equipment: WS203VICM Vulnerabilities: Argument Injection, Improper Access Control, Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information or force the system to restart. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Commend reports that the following versions of WS203VICM video door station are affected: WS203VICM: version 1.7 and prior 3.2 Vulnerability Overview 3.2.1 ARGUMENT INJECTION CWE-88 A remote, unauthenticated attacker may be able to send crafted messages to the web server of the Commend WS203VICM causing the system to restart, interrupting service. CVE-2024-22182 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H). 3.2.2 IMPROPER ACCESS CONTROL CWE-284 A remote attacker ...

By Waqas The gaming industry is experiencing unprecedented growth, propelled by technological advancements and shifting consumer preferences. As the paradigm… This is a post from HackRead.com Read the original post: Exploring Data Privacy and Security in B2B Gaming Data

A Ukrainian national that is being accused of operating the Raccoon Infostealer in a Malware-as-a-Service has been extradited to the US.

ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could enable remote code execution on affected systems. The vulnerabilities, which currently lack CVE identifiers, are listed below - Authentication bypass using an alternate path or channel (CVSS score: 10.0) Improper limitation of

In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value. An application is not vulnerable if any of the following is true: * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly. * The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated * The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html  or HTTP Request Security https://docs.spring.io/spring-security/reference/servl...

A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600 (CVSS score: 9.8), enables unauthenticated attackers to achieve remote code execution. It impacts all versions of the Bricks up to and including 1.9.6. It has been addressed by the theme developers in&

Active Directory users that have the Kerberos pre-authentication enabled and require access to a resource initiate the Kerberos authentication process by sending an Authentication Server… Continue reading → AS-REP Roasting

Active Directory users that have the Kerberos pre-authentication enabled and require access to a resource initiate the Kerberos authentication process by sending an Authentication Server… Continue reading → AS-REP Roasting

By Waqas All known dark web domains operated by the notorious LockBit Ransomware Gang are displaying a law enforcement seizure notice. This is a post from HackRead.com Read the original post: 8 LockBit Ransomware Gang Domains Seized in Global Operation