#windows

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function set_tftp_upgrad.

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function version_set.

Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save.

Cross Site Scripting (XSS) vulnerability in MIPCMS 3.6.0 allows attackers to execute arbitrary code via the category name field to categoryEdit.

File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943.

LockBit maintained its position as the top ransomware attacker and was also observed expanding into the Mac space. (Read more...) The post Ransomware review: May 2023 appeared first on Malwarebytes Labs.

Judging Management System v1.0 is vulnerable to SQL Injection. via /php-jms/review_se_result.php?mainevent_id=.

Categories: News The most interesting security related news of the week from May 1 till 7 (Read more...) The post A week in security (May 1 - 7) appeared first on Malwarebytes Labs.

Categories: News Tags: Chrome Tags: Windows Tags: Edge Tags: browser Tags: update Tags: Microsoft Tags: default Tags: install We take a look at trouble brewing in browser land after a controversial Windows update leaves Chrome fans without a useful feature. (Read more...) The post Microsoft vs Google spat sees users rolling back security updates to fix browser issues appeared first on Malwarebytes Labs.

An advanced persistent threat (APT) actor known as Dragon Breath has been observed adding new layers of complexity to its attacks by adopting a novel DLL side-loading mechanism. "The attack is based on a classic side-loading attack, consisting of a clean application, a malicious loader, and an encrypted payload, with various modifications made to these components over time," Sophos researcher