Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

SyncBreeze 15.2.24 Denial Of Service

SyncBreeze version 15.2.24 suffers from a denial of service vulnerability.

Packet Storm
Open in Source
#vulnerability#web#windows#linux#dos#auth#firefox
GOM Player 2.3.90.5360 Buffer Overflow

GOM Player version 2.3.90.5360 suffers from a buffer overflow vulnerability.

Drupal 10.1.2 Web Cache Poisoning

Drupal version 10.1.2 appears to suffer from web cache poisoning due to a server-side request forgery vulnerability.

Wp2Fac 1.0 Command Injection

Wp2Fac version 1.0 suffers from an OS command injection vulnerability.

Windows/x64 PIC Null-Free TCP Reverse Shell Shellcode

476 bytes small Windows/x64 PIC null-free TCP reverse shell shellcode.

CVE-2023-4807

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses the OpenSSL library an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes. Before returning to the caller all the XMM registers are set to zero rather than restoring their previous content. The vulnerable code is used only on newer x86_64 processors supporting the AVX512-IFMA instructions. The consequences of this kind of internal application state corruption can be various - from...

Protecting Your Microsoft IIS Servers Against Malware Attacks

Microsoft Internet Information Services (IIS) is a web server software package designed for Windows Server. Organizations commonly use Microsoft IIS servers to host websites, files, and other content on the web. Threat actors increasingly target these Internet-facing resources as low-hanging fruit for finding and exploiting vulnerabilities that facilitate access to IT environments.  Recently, a

North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers

Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in unspecified software over the past several weeks to infiltrate their machines. The findings come from Google’s Threat Analysis Group (TAG), which found the adversary setting up fake accounts on social media platforms like X (formerly Twitter) and Mastodon to forge relationships

CVE-2023-41775: "direct" Desktop App for macOS fails to restrict access permissions

Improper access control vulnerability in 'direct' Desktop App for macOS ver 2.6.0 and earlier allows a local attacker to bypass access restriction and to use camrea, microphone, etc. of the device where the product is installed without the user's consent.

CVE-2023-32470: DSA-2023-224: Security Update for a Dell Digital Delivery Service Vulnerability

Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).