Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Rocket LMS 1.6 Cross Site Scripting

Rocket LMS version 1.6 suffers from a cross site scripting vulnerability.

Packet Storm
Open in Source
#xss#vulnerability#web#windows#apple#ubuntu#linux#js#auth#chrome#webkit
Asian Governments and Organizations Targeted in Latest Cyber Espionage Attacks

Government and state-owned organizations in a number of Asian countries have been targeted by a distinct group of espionage hackers as part of an intelligence gathering mission that has been underway since early 2021. "A notable feature of these attacks is that the attackers leveraged a wide range of legitimate software packages in order to load their malware payloads using a technique known as

Apple puts the password on life support with passkey

Categories: Apple Categories: News With the introduction of passkeys in iOS 16 and macOS Ventura, Apple is poised to sway a trend against the use of passwords. (Read more...) The post Apple puts the password on life support with passkey appeared first on Malwarebytes Labs.

CVE-2022-35841: Windows Enterprise App Management Service Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** The Enterprise App Management service exposes a COM class that could allow an authenticated attacker to install arbitrary SYSTEM services that run with SYSTEM privileges, which could result in remote code execution.

CVE-2022-34722: Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable a remote code execution exploitation.

CVE-2022-33679: Windows Kerberos Elevation of Privilege Vulnerability

**How could an attacker exploit this vulnerability?** An unauthenticated attacker could perform a man-in-the-middle network exploit to downgrade a client's encryption to the RC4-md4 cypher, followed by cracking the user's cypher key. The attacker could then compromise the user's Kerberos session key to elevate privileges.

CVE-2022-26928: Windows Photo Import API Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2022-30196: Windows Secure Channel Denial of Service Vulnerability

**How could an attacker exploit this vulnerability?** An unauthenticated attacker could exploit the vulnerability by sending specially crafted network traffic to the TLS server and could cause it to crash.