ZDI-24-048: D-Link DCS-8300LHV2 ONVIF SetHostName Stack-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this vulnerability,...
ZDI-24-049: D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The...
ZDI-24-050: D-Link DIR-X3260 prog.cgi SetUsersSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The ZDI...
ZDI-24-051: Trend Micro Apex Central Cross-Site Scripting Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The ZDI...
ZDI-24-052: Trend Micro Apex Central modVulnerabilityProtect Server-Side Request Forgery Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The...
USN-6574-1: Go vulnerabilities
Takeshi Kaneko discovered that Go did not properly handle comments and special tags in the script context of the html/template module. An attacker could possibly use...
USN-6562-2: Firefox regressions
USN-6562-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple...
Twitter says, It’s not our fault the SEC’s account got hacked
The safety team at Twitter has responded to the high-profile hack of the SEC Twitter account, which made headlines around the world. And what...
Smashing Security podcast #354: Chuck Norris and the fake CEO, artificial KYC, and an Airbnb scam
Chuck Norris gives a helping hand to a mysterious cryptocurrency CEO who may have separated investors from over a billion dollars, generative AI creates a...
USN-6577-1: Linux kernel (AWS) vulnerabilities
Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain...