Category Archives: Advisories

ZDI-22-1619: Trend Micro Apex One Unauthorized Change Prevention Service Out-Of-Bounds Access Local Privilege Escalation Vulnerability

November 21, 2022

Read Time:12 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Advisories

ZDI-22-1618: Trend Micro Apex One Out-Of-Bounds Read Information Disclosure Vulnerability

November 21, 2022

Read Time:12 Second

This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Advisories

ZDI-22-1617: Trend Micro Apex One Out-Of-Bounds Read Information Disclosure Vulnerability

November 21, 2022

Read Time:12 Second

Advisories

ZDI-22-1616: Trend Micro Apex One Unauthorized Change Prevention Service Memory Corruption Local Privilege Escalation Vulnerability

November 21, 2022

Read Time:12 Second

Advisories

ZDI-22-1615: TP-Link TL-WR940N httpd Incorrect Implementation of Authentication Algorithm Information Disclosure Vulnerability

November 21, 2022

Read Time:8 Second

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N routers. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-22-1614: TP-Link TL-WR940N httpd Use of Insufficiently Random Values Authentication Bypass Vulnerability

November 21, 2022

Read Time:8 Second

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link TL-WR940N routers. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-22-1613: ManageEngine ServiceDesk Plus MSP generateSQLReport Improper Input Validation Privilege Escalation Vulnerability

November 21, 2022

Read Time:7 Second

This vulnerability allows remote attackers to escalate privileges on affected installations of ManageEngine ServiceDesk Plus MSP. Authentication is required to exploit this vulnerability.

Advisories

ZDI-22-1623: Hewlett Packard Enterprise OfficeConnect 1820 Authentication Bypass Vulnerability

November 21, 2022

Read Time:8 Second

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Hewlett Packard Enterprise OfficeConnect 1820 switches. Authentication is not required to exploit this vulnerability.

Advisories

Backdoor.Win32.Oblivion.01.a / Insecure Transit Password Disclosure

November 20, 2022

Read Time:20 Second

Posted by malvuln on Nov 20

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/aef85cf0d521eaa6aade11f95ea07ebe.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Oblivion.01.a
Vulnerability: Insecure Transit Password Disclosure
Description: The malware listens on TCP port 7826 and makes HTTP GET
requests to port 80 for “/scripts/WWPMsg.dll”. The system logon credentials…

Advisories

Backdoor.Win32.Oblivion.01.a / Insecure Transit Password Disclosure

November 20, 2022

Read Time:20 Second

Posted by malvuln on Nov 20

Cyber Security News

Category Archives: Advisories

ZDI-22-1619: Trend Micro Apex One Unauthorized Change Prevention Service Out-Of-Bounds Access Local Privilege Escalation Vulnerability

ZDI-22-1618: Trend Micro Apex One Out-Of-Bounds Read Information Disclosure Vulnerability

ZDI-22-1617: Trend Micro Apex One Out-Of-Bounds Read Information Disclosure Vulnerability

ZDI-22-1616: Trend Micro Apex One Unauthorized Change Prevention Service Memory Corruption Local Privilege Escalation Vulnerability

ZDI-22-1615: TP-Link TL-WR940N httpd Incorrect Implementation of Authentication Algorithm Information Disclosure Vulnerability

ZDI-22-1614: TP-Link TL-WR940N httpd Use of Insufficiently Random Values Authentication Bypass Vulnerability

ZDI-22-1613: ManageEngine ServiceDesk Plus MSP generateSQLReport Improper Input Validation Privilege Escalation Vulnerability

ZDI-22-1623: Hewlett Packard Enterprise OfficeConnect 1820 Authentication Bypass Vulnerability

Backdoor.Win32.Oblivion.01.a / Insecure Transit Password Disclosure

Backdoor.Win32.Oblivion.01.a / Insecure Transit Password Disclosure

News, Advisories and much more