Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Ecommerce 1.15 Insecure Settings

Ecommerce version 1.15 suffers from an ignored default credential vulnerability.

Packet Storm
Open in Source
#vulnerability#windows#google#php#auth#firefox
Car Rental Management System 1.0 Cross Site Scripting

Car Rental Management System version 1.0 suffers from a cross site scripting vulnerability.

BloodBank 1.1 Insecure Settings

BloodBank version 1.1 suffers from an ignored default credential vulnerability.

FlatPress 1.3.1 Path Traversal

FlatPress version 1.3.1 suffers from a path traversal vulnerability.

SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software

SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bug. "SolarWinds Web Help Desk was found to be susceptible to a Java deserialization remote code execution vulnerability

Siemens SINEC NMS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC NMS Vulnerabilities: Use After Free, Improper Input Validation, Deserialization of Untrusted Data, Improper Restriction of Operations within the Bounds of a Memory Buffer, Uncontrolled Resource Consumption, Out-of-bounds Read, Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion'), Privilege Dropping / Lowering Errors, Allocation of Resources Without Limits or Throttling, Execution with Unnecessary Privileges, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Incorrect Authorization 2. RIS...

RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks

A cybercrime group with links to the RansomHub ransomware has been observed using a new tool designed to terminate endpoint detection and response (EDR) software on compromised hosts, joining the likes of other similar programs like AuKill (aka AvNeutralizer) and Terminator. The EDR-killing utility has been dubbed EDRKillShifter by cybersecurity company Sophos, which discovered the tool in

Microsoft patches bug that could have allowed an attacker to revert your computer back to an older, vulnerable version

A researcher used two Windows vulnerabilities to perform downgrade attacks. These flaws have now been patched by Microsoft