275 matches found
CVE-2023-5964
The CVE-2023-5964 issue affects the 1E Exchange End-User Interaction product pack, specifically the 1E-Exchange-DisplayMessage instruction. The vulnerability arises from improper validation of Caption and Message parameters, enabling arbitrary code execution with SYSTEM privileges on Windows clie...
CVE-2023-5964 1E-Exchange-DisplayMessage instruction allows for arbitrary code execution
The 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This...
CVE-2023-5964 1E-Exchange-DisplayMessage instruction allows for arbitrary code execution
The 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This...
1E Platform Security Vulnerability
1E Platform is a terminal endpoint management and automation solution from 1E. A security vulnerability exists in prior versions of 1E Platform-Exchange Product Pack-End-User Interaction 23 that stems from not properly validating the Caption or Message parameters, allowing an attacker to execute...
Randomly Failure when Launching Virtual Desktop through NetScaler Gateway
Randomly, end user would report Virtual Desktop launching failure issue via NetScaler Gateway...
OpenEMR Access Control Error Vulnerability (CNVD-2023-40910)
OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. An Access Control Error vulnerability exists in OpenEMR versions prior to 7.0.1,...
OpenEMR 访问控制错误漏洞
OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. An Access Control Error vulnerability exists in OpenEMR versions prior to 7.0.1,...
Cross Site Scripting (XSS) in Assets
Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...
CVE-2023-25718
In ConnectWise Control through 22.9.10032 formerly known as ScreenConnect, after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a different attacker-controlled executable file. It is...
CVE-2023-25718
In ConnectWise Control through 22.9.10032 formerly known as ScreenConnect, after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a different attacker-controlled executable file. It is...
Vulnerability in OpenSSL - Use-after-free following BIO_new_NDEF
The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...
macOS Patching Is Here!
In the past few years, many of our customers have seen a sharp increase in the number of Mac devices introduced to their environment. All those new Mac devices introduce new vulnerabilities that must be remediated. To keep up with the new volume of vulnerabilities, organizations had to opt-in, bu...
Low: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.4 (python-django-horizon) security update
An update for python-django-horizon is now available for Red Hat OpenStack Platform 16.2.4 Train on Red Hat Enterprise Linux RHEL 8.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Shenzhen Fujia Technology OurPhoto 安全漏洞
Shenzhen Fujia Technology OurPhoto is a cloud photo frame software from Shenzhen Fujia Technology, China. It allows you to share photos and video files directly on your cell phone. A security vulnerability exists in Shenzhen Fujia Technology OurPhoto version 1.4.1 that stems from the usertoken...
Here's How to Ensure Your Incident Response Strategy is Ready for Holiday Hackers
The best line of defense against holiday hacking schemes is a comprehensive incident response strategy that focuses on end-user vulnerabilities. The holiday season is upon us and with it a slew of cybersecurity scams preying on end-user vulnerabilities. Because employees often use their business...
November 22, 2022—KB5020032 (OS Build 20348.1311) Preview
None None...
CVE-2022-42466
Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release,...
[The Lost Bots] S02E03: Browser-in-Browser Attacks — Don't Get (Cat)-Phished
!\The Lost Bots\ S02E03: Browser-in-Browser Attacks — Don't Get \Cat-Phishedhttps://blog.rapid7.com/content/images/2022/08/The-Lost-Bots-logo-large.png Welcome back to The Lost Bots! In our latest episode, we're talking about phishing attacks — but not your standard run-of-the-mill version...
2021 Top Malware Strains
Summary Immediate Actions You Can Take Now to Protect Against Malware: • Patch all systems and prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication MFA. • Secure Remote Desktop Protocol RDP and other risky services. • Make offline backups of your data. • Provi...
Hackers Using Bumblebee Loader to Compromise Active Directory Services
The malware loader known as Bumblebee is being increasingly co-opted by threat actors associated with BazarLoader, TrickBot, and IcedID in their campaigns to breach target networks for post-exploitation activities. "Bumblebee operators conduct intensive reconnaissance activities and redirect the...