Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Persistence – Windows Telemetry

Microsoft has introduced the compatibility telemetry in order to collect usage and performance data about Windows systems. The telemetry tasks are collected via the binary… Continue reading → Persistence – Windows Telemetry

Pentestlab
#windows#microsoft#git
CVE-2023-38407: bgpd: Fix use beyond end of stream of labeled unicast parsing (backport #12951) by mergify[bot] · Pull Request #12956 · FRRouting/frr

bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.

CVE-2023-38406: bgpd: Flowspec overflow issue by donaldsharp · Pull Request #12884 · FRRouting/frr

bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."

CVE-2023-4625: JVNVU#94620134: 三菱電機製MELSECシリーズにおける複数の脆弱性

Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login.

CVE-2023-47271: Sanitize cover image filename in native import · Issue #9464 · pkp/pkp-lib

PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image.

GHSA-8pp6-5qpw-85g3: Magnesium-PHP Injection vulnerability

** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Magnesium-PHP up to 0.3.0. It has been classified as problematic. Affected is the function formatEmailString of the file `src/Magnesium/Message/Base.php`. The manipulation of the argument email/name leads to injection. Upgrading to version 0.3.1 is able to address this issue. The patch is identified as 500d340e1f6421007413cc08a8383475221c2604. It is recommended to upgrade the affected component. VDB-244482 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture

Hello everyone! October was an interesting and busy month for me. I started a new job, worked on my open source Vulristics project, and analyzed vulnerabilities using it. Especially Linux vulnerabilities as part of my new Linux Patch Wednesday project. And, of course, analyzed Microsoft Patch Tuesday as well. In addition, at the end of […]

CVE-2023-46981: Cve-List/novel-plus/20231027/vuln/readme.md at main · JunFengDeng/Cve-List

SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list.

CVE-2023-46963: glassfish/Proof-of-vulnerability.md at main · NBSLclass/glassfish

An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function.

Provocative Facebook Ads Leveraged to Deliver NodeStealer Malware

By Deeba Ahmed Beware of Provocative Facebook Ads, Warn Researchers! This is a post from HackRead.com Read the original post: Provocative Facebook Ads Leveraged to Deliver NodeStealer Malware