CVE-2023-36853 Keysight Geolocation Server Exposed Dangerous Method or Function

​In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges...

CVE-2023-36853

Keysight Geolocation Server (affected: v2.4.2 and earlier) is impacted by CVE-2023-36853. A low-privileged attacker can craft a local ZIP file containing a malicious script in any location, enabling loading of a DLL with SYSTEM privileges. This is described as an Exposed Dangerous Method or Funct...

CVE-2023-34394 Keysight N6845A Relative Path Traversal

In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition...

CVE-2023-34394 Keysight N6845A Relative Path Traversal

In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition...

CVE-2023-34394

In CVE-2023-34394, Keysight Geolocation Server versions up to v2.4.2 are affected by a path validation issue that allows an attacker to upload a crafted malicious file or delete files/directories with SYSTEM privileges. The underlying root cause is improper path validation, enabling local privile...

Keysight Technologies N6854A Geolocation server 代码问题漏洞

Keysight Technologies N6854A Geolocation server is a geolocation server from Keysight Technologies. A security vulnerability exists in Keysight Geolocation Server v2.4.2 and prior versions, which can be exploited by a low-privileged attacker to load a DLL with system privileges by creating a loca...

Keysight Technologies N6854A Geolocation server 代码问题漏洞

Keysight Technologies N6854A Geolocation server is a geolocation server from Keysight Technologies, Inc. A security vulnerability exists in Keysight Geolocation Server v2.4.2 and prior versions, which stems from improper path validation and allows an attacker to upload a specially crafted malicio...

The vulnerability of Keysight N6854A geolocation server microprogramming software relates to the use of dangerous methods or functions that allow a intruder to execute arbitrary code.

The vulnerability of Keysight N6854A geolocation server microprogramming software is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow a attacker to execute arbitrary code using a specially crafted ZIP file...

The vulnerability of Keysight N6854A geolocation server microprogramming software, related to errors in processing the relative path to the catalog, allows a intruder to execute arbitrary code.

The vulnerability of Keysight N6854A geolocation server microprogramming software is related to errors in processing the relative path to the catalog. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially crafted file...

CISA Releases Seven Industrial Control Systems Advisories

CISA released seven Industrial Control Systems ICS advisories on July 18, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-199-01 Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A ICSA-23-199-02...

Keysight N6845A Geolocation Server

1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: Low attack complexity ​Vendor: Keysight Technologies ​Equipment: N6854A Geolocation Server ​Vulnerabilities: Exposed Dangerous Method or Function, Relative Path Traversal 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow...

PT-2023-3574 · Keysight · Keysight Geolocation Server

Name of the Vulnerable Software and Affected Versions: Keysight Geolocation Server versions 2.4.2 and prior Description: The issue is related to improper path validation, which could allow an attacker to upload a specially crafted malicious file or delete any file or directory with SYSTEM...

Tracking Down a Suspect through Cell Phone Records

Interesting forensics in connection with a serial killer arrest: Investigators went through phone records collected from both midtown Manhattan and the Massapequa Park area of Long Island--two areas connected to a "burner phone" they had tied to the killings. In court, prosecutors later said the...

CVE-2023-35692

CVE-2023-35692 affects Google Pixel devices, tied to GeoLocation.java (getLocationCache). The root cause is improper input validation that could allow sending a mock location during an emergency call. Impact is local privilege escalation without extra execution privileges, with no user interactio...

French Police Will Be Able to Spy on People through Their Cell Phones

The French police are getting new surveillance powers: French police should be able to spy on suspects by remotely activating the camera, microphone and GPS of their phones and other devices, lawmakers agreed late on Wednesday, July 5. … Covering laptops, cars and other connected objects as well ...

CVE-2023-35343

Windows Geolocation Service Remote Code Execution Vulnerability...

CVE-2023-35343

Windows Geolocation Service Remote Code Execution Vulnerability...

CVE-2023-35343

Windows Geolocation Service Remote Code Execution Vulnerability...

Remote code execution

Windows Geolocation Service Remote Code Execution Vulnerability...

CVE-2023-35343

CVE-2023-35343 is a Windows Geolocation Service remote code execution vulnerability. The initial entry confirms an OS component (Windows Geolocation Service) with a CVSS v3.1 base score of 7.8 (High); attack vector listed as Local with User Interaction required, and impacts to confidentiality, in...