Lucene search
+L

275 matches found

CVE
CVE
added 2023/11/06 12:27 p.m.195 views

CVE-2023-5964

The CVE-2023-5964 issue affects the 1E Exchange End-User Interaction product pack, specifically the 1E-Exchange-DisplayMessage instruction. The vulnerability arises from improper validation of Caption and Message parameters, enabling arbitrary code execution with SYSTEM privileges on Windows clie...

9.9CVSS8AI score0.00828EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/11/06 12:27 p.m.25 views

CVE-2023-5964 1E-Exchange-DisplayMessage instruction allows for arbitrary code execution

The 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This...

9.9CVSS9.8AI score0.00828EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/11/06 12:27 p.m.17 views

CVE-2023-5964 1E-Exchange-DisplayMessage instruction allows for arbitrary code execution

The 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This...

9.9CVSS8AI score0.00828EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/11/06 12:0 a.m.6 views

1E Platform Security Vulnerability

1E Platform is a terminal endpoint management and automation solution from 1E. A security vulnerability exists in prior versions of 1E Platform-Exchange Product Pack-End-User Interaction 23 that stems from not properly validating the Caption or Message parameters, allowing an attacker to execute...

9.9CVSS7.7AI score0.00828EPSS
Exploits0References4
Citrix
Citrix
added 2023/06/16 12:0 a.m.7 views

Randomly Failure when Launching Virtual Desktop through NetScaler Gateway

Randomly, end user would report Virtual Desktop launching failure issue via NetScaler Gateway...

7.1AI score
Exploits0
CNVD
CNVD
added 2023/05/17 12:0 a.m.46 views

OpenEMR Access Control Error Vulnerability (CNVD-2023-40910)

OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. An Access Control Error vulnerability exists in OpenEMR versions prior to 7.0.1,...

8.8CVSS6.6AI score0.0061EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/05/12 12:0 a.m.5 views

OpenEMR 访问控制错误漏洞

OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. An Access Control Error vulnerability exists in OpenEMR versions prior to 7.0.1,...

8.8CVSS6.7AI score0.0061EPSS
Exploits1References3
Huntr
Huntr
added 2023/03/13 1:52 a.m.14 views

Cross Site Scripting (XSS) in Assets

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...

4.3CVSS5.9AI score0.00556EPSS
Exploits1References1
NVD
NVD
added 2023/02/13 8:15 p.m.69 views

CVE-2023-25718

In ConnectWise Control through 22.9.10032 formerly known as ScreenConnect, after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a different attacker-controlled executable file. It is...

9.8CVSS8.7AI score0.00685EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/02/13 12:0 a.m.18 views

CVE-2023-25718

In ConnectWise Control through 22.9.10032 formerly known as ScreenConnect, after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a different attacker-controlled executable file. It is...

9.5AI score0.00685EPSS
Exploits0References3
OpenSSL
OpenSSL
added 2023/02/07 12:0 a.m.101 views

Vulnerability in OpenSSL - Use-after-free following BIO_new_NDEF

The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

7.9AI score0.04494EPSS
Exploits0Affected Software1
Qualys Blog
Qualys Blog
added 2023/02/06 2:0 p.m.25 views

macOS Patching Is Here!

In the past few years, many of our customers have seen a sharp increase in the number of Mac devices introduced to their environment. All those new Mac devices introduce new vulnerabilities that must be remediated. To keep up with the new volume of vulnerabilities, organizations had to opt-in, bu...

1.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2022/12/07 7:19 p.m.50 views

Low: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.4 (python-django-horizon) security update

An update for python-django-horizon is now available for Red Hat OpenStack Platform 16.2.4 Train on Red Hat Enterprise Linux RHEL 8.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

6.5CVSS6.5AI score0.00471EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/11/28 12:0 a.m.6 views

Shenzhen Fujia Technology OurPhoto 安全漏洞

Shenzhen Fujia Technology OurPhoto is a cloud photo frame software from Shenzhen Fujia Technology, China. It allows you to share photos and video files directly on your cell phone. A security vulnerability exists in Shenzhen Fujia Technology OurPhoto version 1.4.1 that stems from the usertoken...

6.5CVSS6.6AI score0.00507EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2022/11/22 12:7 p.m.34 views

Here's How to Ensure Your Incident Response Strategy is Ready for Holiday Hackers

The best line of defense against holiday hacking schemes is a comprehensive incident response strategy that focuses on end-user vulnerabilities. The holiday season is upon us and with it a slew of cybersecurity scams preying on end-user vulnerabilities. Because employees often use their business...

0.2AI score
Exploits0
Microsoft KB
Microsoft KB
added 2022/11/22 12:0 a.m.21 views

November 22, 2022—KB5020032 (OS Build 20348.1311) Preview

None None...

6.1AI score
Exploits0
OSV
OSV
added 2022/10/19 8:15 a.m.14 views

CVE-2022-42466

Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release,...

6.1CVSS6.2AI score
Exploits0References2
Rapid7 Blog
Rapid7 Blog
added 2022/08/25 4:36 p.m.14 views

[The Lost Bots] S02E03: Browser-in-Browser Attacks — Don't Get (Cat)-Phished

!\The Lost Bots\ S02E03: Browser-in-Browser Attacks — Don't Get \Cat-Phishedhttps://blog.rapid7.com/content/images/2022/08/The-Lost-Bots-logo-large.png Welcome back to The Lost Bots! In our latest episode, we're talking about phishing attacks — but not your standard run-of-the-mill version...

0.1AI score
Exploits0
ICS
ICS
added 2022/08/25 12:0 p.m.70 views

2021 Top Malware Strains

Summary Immediate Actions You Can Take Now to Protect Against Malware: • Patch all systems and prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication MFA. • Secure Remote Desktop Protocol RDP and other risky services. • Make offline backups of your data. • Provi...

8.8CVSS9.5AI score0.96843EPSS
Exploits38References94
The Hacker News
The Hacker News
added 2022/08/18 9:20 a.m.61 views

Hackers Using Bumblebee Loader to Compromise Active Directory Services

The malware loader known as Bumblebee is being increasingly co-opted by threat actors associated with BazarLoader, TrickBot, and IcedID in their campaigns to breach target networks for post-exploitation activities. "Bumblebee operators conduct intensive reconnaissance activities and redirect the...

1.1AI score
Exploits0
Rows per page
Query Builder