Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

PHP-Nuke Top Module SQL Injection

The Top module for PHP-Nuke versions 6.x and below 7.6 suffers from a remote SQL injection vulnerability.

Packet Storm
Open in Source
#sql#vulnerability#windows#google#php#auth
GoldenJackal Target Embassies and Air-Gapped Systems Using Malware Toolsets

A little-known threat actor tracked as GoldenJackal has been linked to a series of cyber attacks targeting embassies and governmental organizations with an aim to infiltrate air-gapped systems using two disparate bespoke toolsets. Victims included a South Asian embassy in Belarus and a European Union government (E.U.) organization, Slovak cybersecurity company ESET said. "The ultimate goal of

CVE-2024-43536: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

**According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?** An attacker needs physical access to the target computer to plug in a malicious USB drive.

CVE-2024-43528: Windows Secure Kernel Mode Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2024-43524: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

**According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?** An attacker needs physical access to the target computer to plug in a malicious USB drive.

CVE-2024-43523: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

**According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?** An attacker needs physical access to the target computer to plug in a malicious USB drive.

CVE-2024-43520: Windows Kernel Denial of Service Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious input file and convince the user to open said input file.

CVE-2024-43547: Windows Kerberos Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process.

CVE-2024-43546: Windows Cryptographic Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of OAEP decrypt information. An attacker could read the contents of OAEP decrypt from a user mode process.

CVE-2024-43522: Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.