36 matches found
CVE-2023-36004
Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability...
CVE-2023-36004 Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability
...
Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability
...
Microsoft Windows DPAPI Security Vulnerability
Microsoft Windows is a suite of operating systems for personal devices from the U.S.-based Microsoft Corporation. A security vulnerability exists in Microsoft Windows DPAPI (Data Protection Application Programming Interface). An attacker could exploit this vulnerability to perform spoofing attacks...
December 13, 2022—KB5021234 (OS Build 22000.1335)
December 13, 2022—KB5021234 OS Build 22000.1335 11/8/22 IMPORTANT Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a non-security preview release for the month of December 2022. There will be a monthly security release known as a “B” release for...
PT-2022-5615 · Microsoft · Windows Dpapi +1
Name of the Vulnerable Software and Affected Versions: Windows DPAPI affected versions not specified Description: The issue is related to a lack of protection for sensitive data in the Windows DPAPI component, allowing an attacker to disclose protected information. This can enable attackers to...
Microsoft Windows DPAPI Security Vulnerability
Microsoft Windows is a suite of operating systems for personal devices from the U.S.-based Microsoft Corporation. A security vulnerability exists in Microsoft Windows DPAPI (Data Protection Application Programming Interface). The following products and versions are affected: Windows 11 for x64-base...
GHSA-7G54-VGP6-JJ5W XML External Entity Reference in Apache Sling
In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on...
ForgeCert - "Golden" Certificates
ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory. This attack is codified as DPERSIST1 in our "Certified Pre-Owned" whitepaper. This code base was released ...
InvisiMole Group Resurfaces Touting Fresh Toolset, Gamaredon Partnership
The InvisiMole threat group has resurfaced in a new campaign, revealing a new toolset and a strategic collaboration with the high-profile Gamaredon advanced persistent threat (APT) group. InvisiMole was first uncovered by ESET in 2018, with cyberespionage activity dating back to 2013 in operations ...
APSB18-04 Security updates available for Adobe Experience Manager
Adobe has released security updates for Adobe Experience Manager. These updates resolve a reflected cross-site scripting vulnerability (CVE-2018-4875) rated moderate, and a cross-site scripting vulnerability (CVE-2018-4876) in Apache Sling XSS protection API rated important...
Cross site request forgery (csrf)
In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on...
CVE-2016-6798
In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on...
CVE-2016-6798
In Apache Sling, the XSS Protection API module is affected: versions before 1.0.12 use an insecure SAX parser in XSS.getValidXML(), enabling XML External Entity (XXE) attacks. This can allow attackers to read filesystem data, enable SSRF, perform port scanning behind a firewall, or cause DoS. Pub...
iOS 9.3.4 Patches Critical Code Execution Flaw
Apple last week patched a critical iOS memory corruption vulnerability that could allow attackers to execute code on compromised devices. The flaw was found by Team Pangu, a Chinese hacker group that specializes in building iOS jailbreak tools. The vulnerability is fixed in iOS 9.3.4. “An...
Multiple vulnerabilities in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Arbitrary Code Execution, Path Traversal, Cross-Site Scripting (XSS), SQL injection and Information Disclosure. Component Type: TYPO3 Core Affected Versions: 4.2.15 and below, 4.3.8 and below, 4.4.4 and below Vulnerability Types: Arbitrary Cod...