Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

Microsoft Patch Tuesday May 2023: Microsoft Edge, BlackLotus Secure Boot SFB, OLE RCE, Win32k EoP, NFS RCE, PGM RCE, LDAP RCE, SharePoint RCE

Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2023, including vulnerabilities that were added between April and May Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. It’s been a […]

Alexander V. Leonov
#vulnerability#web#windows#google#microsoft#rce#ldap#auth#chrome#blog
Predator Android Spyware: Researchers Sound the Alarm on Alarming Capabilities

Security researchers have shared a deep dive into the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa (previously Cytrox). Predator was first documented by Google's Threat Analysis Group (TAG) in May 2022 as part of attacks leveraging five different zero-day flaws in the Chrome web browser and Android. The spyware, which is delivered by means of

2023 Online Course Registration 1.0 SQL Injection

2023 Online Course Registration version 1.0 suffers from a remote SQL Injection vulnerability that allows for authentication bypass.

Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware

Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a commercial spyware product sold by the spyware firm Intellexa (formerly known as Cytrox).

Quicklancer 1.0 SQL Injection

Quicklancer version 1.0 suffers from a remote SQL injection vulnerability.

Tracking down a trojan: An inside look at threat hunting in a corporate network

Categories: Business How Malwarebytes MDR successfully helped a company detect and respond to the potent banking Trojan QBot. (Read more...) The post Tracking down a trojan: An inside look at threat hunting in a corporate network appeared first on Malwarebytes Labs.

CVE-2023-2494: Go Pricing - WordPress Responsive Pricing Tables

The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_postdata' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to modify access to the plugin when it should only be the administrator's privilege.

CVE-2023-31752: bug_report/SQLi-2.md at main · 4O4NtFd/bug_report

SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php.