Read Time:8 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability.
Daily Archives: May 24, 2023
ZDI-23-717: D-Link D-View uploadFile Directory Traversal Arbitrary File Creation Vulnerability
Read Time:7 Second
This vulnerability allows remote attackers to create arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability.
ZDI-23-718: D-Link D-View uploadMib Directory Traversal Arbitrary File Creation or Deletion Vulnerability
Read Time:8 Second
This vulnerability allows remote attackers to create and delete arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability.
ZDI-23-719: D-Link D-View showUser Improper Authorization Privilege Escalation Vulnerability
Read Time:7 Second
This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability.
ZDI-23-720: Moxa MXsecurity Series Hardcoded JWT Key Authentication Bypass Vulnerability
Read Time:7 Second
This vulnerability allows remote attackers to bypass authentication on affected installations of Moxa MXsecurity Series appliances. Authentication is not required to exploit this vulnerability.
ZDI-23-721: Moxa MXsecurity Series Restricted Shell Command Injection Remote Code Execution Vulnerability
Read Time:7 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MXsecurity Series appliances. Authentication is required to exploit this vulnerability.
ZDI-23-722: Microsoft Windows Active Directory Certificate Services Improper Authorization Privilege Escalation Vulnerability
Read Time:8 Second
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of Microsoft Windows Active Directory Certificate Services. Authentication is required to exploit this vulnerability.
Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach
Read Time:53 Second
Like most CSOs, Joe Sullivan was drawn to the role to help prevent cybercrimes. His role as CSO of Uber was something of a shift from his previous job prosecuting cybercriminals as an assistant US attorney, but closer to the tip of the cybersecurity spear. As a top-level professional in the business of defending against the bad guys, it was unexpected and not a little ironic that he would find himself on the other side of the justice system.
On May 4, 2023, Sullivan was sentenced to three years of probation for felony obstruction and misprision for not reporting a 2016 breach at rideshare and delivery company Uber that threatened to expose the data of 600,000 drivers and the personal information associated with 57 million riders. In an interview with CSO, Sullivan said he’s less concerned with his personal fate than the possibility that the entire episode will cause CISOs to become more concerned about protecting themselves from aggressive prosecution than protecting their organizations.
DSA-5410 sofia-sip – security update
Read Time:6 Second
Multiple security issues were discovered in Sofia-SIP, a SIP User-Agent
library, which could result in denial of service.