
748 matches found

Microsoft KB
added 2022/01/25 12:0 a.m., 6 views

February 8, 2022-KB5009470 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2

February 8, 2022-KB5009470 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2 Release Date: February 8, 2022 Version: .NET Framework 3.5 and 4.8 The February 8, 2022 update for Microsoft server operating system version 21H2 includes cumulative...

AI score: 7
Exploits: 0

BDU FSTEC
added 2022/01/12 12:0 a.m., 4 views

The vulnerability of the Microsoft Office software package, related to errors in information presentation on the user interface, allows a hacker to carry out a spear-phishing attack.

The vulnerability of the Microsoft Office suite is related to errors in information presentation at the user interface level. Exploiting this vulnerability can allow an attacker to carry out a spear-phishing attack...

CVSS: 5.5, AI score: 6.6, EPSS: 0.01964
Exploits: 0, References: 2

Microsoft KB
added 2022/01/11 8:0 a.m., 114 views

January 11, 2022-KB5008876 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 20H2, Windows Server, version 20H2, Windows 10 Version 21H1, and Windows 10 Version 21H2

January 11, 2022-KB5008876 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 20H2, Windows Server, version 20H2, Windows 10 Version 21H1, and Windows 10 Version 21H2 Release Date: January 11, 2022 Version: .NET Framework 3.5 and 4.8 Summary Security Improvements This securi...

CVSS: 7.5, AI score: 7.6, EPSS: 0.03052
Exploits: 0

OSV
added 2021/12/21 9:8 a.m., 8 views

ALBA-2021:5230 accountsservice bug fix and enhancement update

The accountsservice project provides a set of D-Bus interfaces for querying and manipulating user account information. It is based on the useradd, usermod, and userdel commands. Bug Fixes and Enhancements: HP WS AlmaLinux 8.5 bug Desktop presentation changes between reboots when logging in as roo...

AI score: 7.2
Exploits: 0

BDU FSTEC
added 2021/12/07 12:0 a.m., 2 views

The vulnerability in the implementation of the Windows Authenticode signature technology of the Microsoft Windows operating system allows attackers to perform spoofing attacks.

The vulnerability of the Authenticode signature technology implemented in Microsoft Windows operating systems is related to errors in information presentation by the user interface. Exploiting this vulnerability can allow attackers to perform spoofing attacks...

CVSS: 5.5, AI score: 6.2, EPSS: 0.02072
Exploits: 0, References: 3

BDU FSTEC
added 2021/10/20 12:0 a.m., 3 views

The vulnerability of the Microsoft Dynamics 365 resource planning software, related to errors in the user interface’s information presentation, allows a perpetrator to carry out spear-phishing attacks.

The vulnerability of the Microsoft Dynamics 365 resource planning software is related to errors in information presentation by the user interface. Exploiting this vulnerability allows a malicious actor to carry out spear-phishing attacks using specially crafted requests...

CVSS: 5.5, AI score: 6.4, EPSS: 0.00899
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2021/10/15 12:0 a.m., 3 views

The vulnerability of Microsoft SharePoint Server’s software packages, related to errors in information presentation by the user interface, allows attackers to carry out spoofing attacks.

The vulnerability of Microsoft SharePoint Server packages is related to errors in information presentation by the user interface. Exploiting this vulnerability can allow a malicious actor to carry out spoofing attacks remotely...

CVSS: 7.5, AI score: 7.1, EPSS: 0.01304
Exploits: 0, References: 2

OSV
added 2021/10/01 7:15 p.m., 3 views

CVE-2021-38103

IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue...

CVSS: 7.8, AI score: 6.3, EPSS: 0.02266
Exploits: 0, References: 2

Securelist
added 2021/09/23 8:0 a.m., 19 views

Wake me up till SAS summit ends

What do cyberthreats, Kubernetes and donuts have in common – except that all three end in "ts", that is? All these topics will be mentioned during the new SAS@Home online conference, scheduled for September 28th-29th, 2021. To be more specific, there will be a workshop titled, "Prevent & Detect...

AI score: 6.8
Exploits: 0

0day.today
added 2021/08/17 12:0 a.m., 296 views

GeoVision Geowebserver 5.3.3 - LFI / XSS / HHI / RCE Vulnerabilities

Exploit Title: GeoVision Geowebserver 5.3.3 - LFI / XSS / HHI / RCE DynamicDNS Network to find: DIPMAP.COM / GVDIP.COM Exploit Author: Ken 's1ngular1ty' Pyle Vendor Homepage: https://www.geovision.com.tw/cybersecurity.php Version: test HTTP/1.1 Absolute exploitation of the LFI: POST...

AI score: 7.4
Exploits: 0

Schneier on Security
added 2021/08/13 11:16 a.m., 41 views

Using AI to Scale Spear Phishing

The problem with spear phishing is that it takes time and creativity to create individualized enticing phishing emails. Researchers are using GPT-3 to attempt to solve that problem: The researchers used OpenAI's GPT-3 platform in conjunction with other AI-as-a-service products focused on personali...

AI score: 7.2
Exploits: 0

Akamai Blog
added 2021/08/05 4:0 a.m., 26 views

HTTP/2 Request Smuggling

HTTP Request Smuggling, also known as an HTTP Desync Attack, has experienced a resurgence in security research recently, thanks in large part to the outstanding work by security researcher James Kettle. His 2019 Blackhat presentation on HTTP Desync attacks exposed vulnerabilities with different...

AI score: 0.7
Exploits: 0

NVD
added 2021/07/21 6:15 p.m., 11 views

CVE-2021-35482

An issue was discovered in Barco MirrorOp Windows Sender before 2.5.4.70. An attacker in the local network is able to achieve Remote Code Execution with user privileges of the local user on any device that tries to connect to a WePresent presentation system...

CVSS: 7.8, EPSS: 0.00441
Exploits: 0, References: 1

Prion
added 2021/07/21 6:15 p.m., 17 views

Remote code execution

An issue was discovered in Barco MirrorOp Windows Sender before 2.5.4.70. An attacker in the local network is able to achieve Remote Code Execution with user privileges of the local user on any device that tries to connect to a WePresent presentation system...

CVSS: 4.6, AI score: 7.7, EPSS: 0.00441
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/07/21 5:29 p.m., 15 views

CVE-2021-35482

An issue was discovered in Barco MirrorOp Windows Sender before 2.5.4.70. An attacker in the local network is able to achieve Remote Code Execution with user privileges of the local user on any device that tries to connect to a WePresent presentation system...

AI score: 8, EPSS: 0.00441
Exploits: 0, References: 1

CNVD
added 2021/07/15 12:0 a.m., 7 views

Unspecified Vulnerability in VIAware

Kramer Electronics VIAware is a wireless presentation collaboration software solution from Kramer Electronics, Israel. A security vulnerability exists in all tested versions of KramerAV VIAWare, which can be exploited by an attacker to elevate privileges via misconfigured sudo...

CVSS: 10, AI score: 6.7, EPSS: 0.70753
Exploits: 5, References: 1

CNVD
added 2021/07/14 12:0 a.m., 21 views

Dell PowerFlex Presentation Server data forgery vulnerability

Dell EMC PowerFlex is an application from Dell, Inc. of the United States. The Dell PowerFlex Presentation Server data forgery vulnerability originates from the product's WebSocket in the Presentation Server/WebUI, which does not verify user identity. An attacker could hijack the WebSocket to trick...

CVSS: 6.5, AI score: 2.7, EPSS: 0.00336
Exploits: 0, References: 1

NVD
added 2021/07/12 4:15 p.m., 13 views

CVE-2021-21588

Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server and perform which may lead ...

CVSS: 6.5, EPSS: 0.00336
Exploits: 0, References: 1

OSV
added 2021/07/12 4:15 p.m., 4 views

CVE-2021-21588

Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server and perform which may lead ...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00336
Exploits: 0, References: 1

Prion
added 2021/07/12 4:15 p.m., 15 views

Cross site scripting

Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server and perform which may lead ...

CVSS: 4.3, AI score: 4.6, EPSS: 0.00336
Exploits: 0, References: 1, Affected Software: 1