Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-47514: XML-RPC.Net - Downloads

An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingback.aspx POST request.

CVE
Open in Source
#vulnerability#web#windows#microsoft#linux#c++#ssrf#auth
An Alleged Russian Smuggling Ring Was Uncovered in New Hampshire

Plus: An FBI platform got hacked, an ex-Twitter employee is sentenced for espionage, malicious Windows 10 installers circulate in Ukraine, and more.

Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities

Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems. The high-severity flaws, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in versions 4.17.4, 4.16.8 and 4.15.13 released on December 15, 2022. Samba is an open source Windows

CVE-2021-31650: Offensive Security’s Exploit Database Archive

A SQL injection vulnerability in Sourcecodester Online Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the uname parameter.

New Botnet Targeting Minecraft Servers Poses Potential Enterprise Threat

Microsoft warns enterprises should pay attention to a new botnet used to launch DDoS attacks on private Minecraft Java servers.

Microsoft Alert: DDoS Botnet Hit Private Minecraft Servers

By Waqas Dubbed "MCCrash" by Microsoft, the DDoS botnet is currently targeting private Minecraft servers globally. This is a post from HackRead.com Read the original post: Microsoft Alert: DDoS Botnet Hit Private Minecraft Servers

Threat Round up for December 9 to December 16

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 9 and Dec. 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

CVE-2022-41964: Release BigBlueButton 2.4.0 · bigbluebutton/bigbluebutton

BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the anonymous poll. The attacker had to be a meeting presenter. This issue is patched in version 2.4.0. There are no workarounds.

CVE-2022-41992: TALOS-2022-1644 || Cisco Talos Intelligence Group

A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO 8.3. A specially-crafted file can lead to an out-of-bounds write. A victim needs to open a malicious file to trigger this vulnerability.

CVE-2022-44502: Adobe Security Bulletin

Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.