CVE-2023-28929

Trend Micro Security 2021, 2022, and 2023 Consumer are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started...

The vulnerability of the DashBoard.exe executable file of the Dashboard module in the Interactive Graphical SCADA System (IGSS) allows a intruder to execute arbitrary code.

The vulnerability of the DashBoard.exe executable file of the Dashboard module in the Interactive Graphical SCADA System IGSS is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVE-2023-32752

L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt servi...

CVE-2023-32752

L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt servi...

CVE-2023-32753

OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service...

CVE-2023-32753 ITPison OMICARD EDM - Arbitrary File Upload

OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service...

LabCollector 代码问题漏洞

LabCollector is an all-in-one laboratory management platform from LabCollector, Inc. A security vulnerability exists in LabCollector versions 6.0 through 6.15. An attacker can exploit the vulnerability to upload executable PHP files and execute system commands...

Microsoft Windows PowerShell Remote Command Execution

from base64 import b64encode import argparse,sys,os PSTrojanFile.py By hyp3rlinx c 2023 ApparitionSec hyp3rlinx.altervista.org twitter.com/hyp3rlinx twitter.com/malvuln PoC Video: https://www.youtube.com/watch?v=-ZJnA70Cf4I...

The vulnerability of the FrameworkX.exe executable file of the Proficy Machine Edition programming software for programmable logic controllers allows a attacker to trigger a service failure.

The vulnerability of the FrameworkX.exe executable file of the Proficy Machine Edition programming software for programmable logic controllers involves insufficient validation of input data during the processing of the dynamic library fxVPStatcTcp.dll. Exploiting this vulnerability can allow an...

CVE-2023-28700

OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt servic...

CVE-2023-28700 ITPison OMICARD EDM - Arbitrary File Upload

OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt servic...

CVE-2023-34312

In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition...

Delta Electronics CNCSoft-B DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices

Cybersecurity researchers have found "backdoor-like behavior" within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format. Firmware security firm Eclypsium said it first detected the anomaly in April 2023...

Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices

Cybersecurity researchers have found "backdoor-like behavior" within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format. Firmware security firm Eclypsium said it first detected the anomaly in April 2023...

CVE-2023-28348

An issue was discovered in Faronics Insight 10.0.19045 on Windows. A suitably positioned attacker could perform a man-in-the-middle attack on either a connected student or teacher, enabling them to intercept student keystrokes or modify executable files being sent from teachers to students...

Fedora: Security Advisory for python2.7 (FEDORA-2023-953c2607d8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-28348

The CVE-2023-28348 entry affects Faronics Insight version 10.0.19045. The root cause is unencrypted storage in the Teacher Console and Student Console components, enabling a nearby attacker to perform a man-in-the-middle attack by sending specially crafted HTTP requests to port 8890, intercepting...

[SECURITY] Fedora 38 Update: python2.7-2.7.18-31.fc38

Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especial ly how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been...

New PowerExchange Backdoor Used in Iranian Cyber Attack on UAE Government

An unnamed government entity associated with the United Arab Emirates U.A.E. was targeted by a likely Iranian threat actor to breach the victim's Microsoft Exchange Server with a "simple yet effective" backdoor dubbed PowerExchange. According to a new report from Fortinet FortiGuard Labs, the...