14 matches found
Vulnerabilities fixed in Apple macOS
Apple has fixed several vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, remote code execution, Administrator/Root rights, Remote...
Phishing mail claims a 3D Secure upgrade is required
Today we took a look at a phishing mail pinning its hopes on a QR code linking to a bogus website. Scammers claim that your mail address has "not been registered for the 3D Secure Security Update". The mail reads as follows: Dear Sir / Madam, Our administration has shown...
CVE-2022-22811
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to perform unintended actions, leading to the override of the system's configurations when an attacker persuades a user to visit a rogue website. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX...
Cross site request forgery (csrf)
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to perform unintended actions, leading to the override of the system's configurations when an attacker persuades a user to visit a rogue website. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities allow a remote malicious person to cause a denial-of-service or to obtain system data. To do so, the malicious party must induce the victim to visit a rogue website. Google has released updates to fix the vulnerabilities...
Vulnerability fixed in Apple iOS and iPadOS
A vulnerability has been fixed in Apple iOS and Apple iPadOS. The vulnerability is located in the WebKit component and is referred to as Universal Cross-site Scripting (UXSS). The vulnerability allows an unauthorized remote malicious person to execute arbitrary code under browser privileges. The...
MS07-020: Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168)
The remote version of Windows contains a flaw in the Microsoft Agent service that could allow an attacker to execute code on the remote host. To exploit this flaw, an attacker would need to set up a rogue website and lure a victim on the remote host into visiting it. © Tenable Network Security,...
Mac OS X Security Update 2007-001
The remote host is running a version of Mac OS X 10.3 or 10.4 which does not have Security Update 2007-001 applied. This update fixes a flaw in QuickTime which may allow a rogue website to execute arbitrary code on the remote host by exploiting an overflow in the RTSP URL handler. TRUSTED...
MS05-032: Vulnerability in Microsoft Agent Could Allow Spoofing (890046)
The remote version of Windows contains a flaw in the Microsoft Agent service that could allow an attacker to spoof the content of a website. To exploit this flaw, an attacker would need to set up a rogue website and lure a victim on the remote host into visiting it. © Tenable Network Security, In...
Opera < 7.54 Download File Type Dialog Spoofing
The version of Opera on the remote host contains a flaw that allows an attacker to determine the existence of files and directories on the remote host. To exploit this flaw, an attacker would need to set up a rogue website and lure a user of the remote host into visiting it with Opera. © Tenable...
Opera < 7.54 Multiple Function Address Bar Spoofing
The version of Opera installed on the remote host is vulnerable to a flaw wherein a remote attacker can obscure the URI, leading the user to believe that he/she is accessing a trusted resource. To exploit this issue, an attacker would need to set up a rogue website, then entice a local user to...
MS04-023: Vulnerability in HTML Help Could Allow Code Execution (840315)
The remote host is subject to two vulnerabilities in the HTML Help and showHelp modules that could allow an attacker to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to set up a rogue website containing a malicious showHelp URL, and would need to lure a...
MS KB870669: ADODB.Stream object from Internet Explorer
The remote host contains a vulnerability in IE. The ADODB.Stream object can be used by a malicious web page to read and write to local files. An attacker could use this flaw to gain access to the data on the remote host. To exploit this flaw, an attacker would need to set up a rogue website and...
Opera < 7.03 Multiple Vulnerabilities
The version of Opera installed on the remote host is vulnerable to various security flaws, ranging from cross-site scripting to buffer overflows. To exploit them, an attacker would need to set up a rogue website, then lure a user of this host into visiting it using Opera. He would then be able to execute...