ZDI-23-1796: Schneider Electric C-Bus Toolkit FileCommand Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric C-Bus Toolkit. Authentication is not required to exploit this vulnerability....
ZDI-23-1797: Schneider Electric C-Bus Toolkit TransferCommand Exposed Dangerous Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric C-Bus Toolkit. Authentication is not required to exploit this vulnerability....
ZDI-23-1798: PaperCut NG Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must first obtain the ability to execute low-privileged code...
ZDI-23-1799: Ivanti Avalanche Incorrect Default Permissions Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Avalanche. An attacker must first obtain the ability to execute low-privileged code...
ZDI-23-1792: Microsoft Windows win32kfull UMPDDrvCopyBits Use-After-Free Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code...
ZDI-23-1793: Delta Electronics DOPSoft DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DOPSoft. User interaction is required to exploit this vulnerability in...
DSA-5578-1 ghostscript – security update
It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly handle errors in the gdev_prn_open_printer_seekable() function, which could result in the execution of...
USN-6488-2: strongSwan vulnerability
USN-6488-1 fixed a vulnerability in strongSwan. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Florian Picca...
Prison for man who wiped bank’s data after being fired for accessing porn in the office
A man has been sentenced to 24 months in prison after being found guilty of hacking into his former employer's network, and causing substantial damage....
Smashing Security podcast #352: For research purposes only
A hacker bursts the bubble of inflatable fetish fans, Hollywood celebrities unwittingly record videos in a Kremlin plot, and there's a particularly devious WordPress-related malware...