4564 matches found
ARRIS DG3450 访问控制错误漏洞
The ARRIS DG3450 is a cable gateway from ARRIS America. A security vulnerability exists in the ARRIS DG3450 Cable Gateway AR01.02.056.18041520711.NCS.10 version, which stems from the log file download feature not checking for session cookies.An attacker can exploit this vulnerability to download...
Security Bulletin: Vulnerability in lighttpd affects IBM Integrated Management Module (IMM) (CVE-2015-3200)
Summary IBM Integrated Management Module IMM has addressed the following vulnerability in lighttpd. Vulnerability Details Summary IBM Integrated Management Module IMM has addressed the following vulnerability in lighttpd. Vulnerability Details: CVE-ID: CVE-2015-3200 Description: lighttpd could...
The vulnerability of the CLFS log system driver for Windows operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the CLFS log system driver in Windows operating systems is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
PT-2023-21215 · Unknown · Dg3450 Cable Gateway
Name of the Vulnerable Software and Affected Versions: DG3450 Cable Gateway version AR01.02.056.18 041520 711.NCS.10 Description: An issue was discovered in the log file download functionality of the troubleshooting logs download.php file, which does not check the session cookie. This allows an...
CVE-2023-27571
An issue was discovered in DG3450 Cable Gateway AR01.02.056.18041520711.NCS.10. The troubleshootinglogsdownload.php log file download functionality does not check the session cookie. Thus, an attacker can download all log files...
CVE-2023-27571
CVE-2023-27571 affects Arris DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The vulnerability is due to the troubleshooting_logs_download.php log file download function not checking the session cookie, enabling an attacker to download all log files. Documents confirm affected software/ver...
CVE-2023-27571
An issue was discovered in DG3450 Cable Gateway AR01.02.056.18041520711.NCS.10. The troubleshootinglogsdownload.php log file download functionality does not check the session cookie. Thus, an attacker can download all log files...
The vulnerability of the Windows Common Log File System (CLFS) driver in the Windows operating system allows a hacker to gain elevated privileges.
The vulnerability of the Windows Common Log File System CLFS driver in the Windows operating system is related to operations that go beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to gain increased privileges...
CVE-2023-28252
Windows Common Log File System Driver Elevation of Privilege Vulnerability...
CVE-2023-28266
Windows Common Log File System Driver Information Disclosure Vulnerability...
CVE-2023-28252
Windows Common Log File System Driver Elevation of Privilege Vulnerability...
CVE-2023-28266
Windows Common Log File System Driver Information Disclosure Vulnerability...
Information disclosure
Windows Common Log File System Driver Information Disclosure Vulnerability...
CVE-2023-28252 Windows Common Log File System Driver Elevation of Privilege Vulnerability
...
CVE-2023-28252 Windows Common Log File System Driver Elevation of Privilege Vulnerability
...
CVE-2023-28252
CVE-2023-28252 – Windows CLFS driver local privilege escalation : The vulnerability stems from CLFS.sys handling of file blocks in memory (m_rgBlocks) and associated metadata, enabling an out-of-bounds access that lets an unprivileged user hijack the SYSTEM token. Public PoCs and in-the-wild acti...
CVE-2023-28266 Windows Common Log File System Driver Information Disclosure Vulnerability
...
Nokoyawa ransomware attacks with Windows zero-day
Updated April 20, 2023 In February 2023, Kaspersky technologies detected a number of attempts to execute similar elevation-of-privilege exploits on Microsoft Windows servers belonging to small and medium-sized businesses in the Middle East, in North America, and previously in Asia regions. These...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-28252link is external Microsoft Windows Common Log File System CLFS Driver Privilege Escalation Vulnerability These types of vulnerabilities are frequent attack...
Windows Common Log File System Driver Elevation of Privilege Vulnerability
...