command injection – WindowsTechs.com

Ghostscript bug could allow rogue documents to run system commands

Posted on July 4, 2023 by Paul Ducklin

Even if you’ve never heard of the venerable Ghostscript project, you may have it installed without knowing. Continue reading Ghostscript bug could allow rogue documents to run system commands→

Posted on June 24, 2022 by Paul Ducklin

Fortunately, it’s not a major bugfix, which means it’s easy to patch and can teach us all some useful lessons. Continue reading OpenSSL issues a bugfix for the previous bugfix→

Posted on December 4, 2020 by Tara Seals

VMware has issued a full patch and revised the severity level of the NSA-reported vulnerability to “important.” Continue reading VMware Rolls a Fix for Formerly Critical Zero-Day Bug→

Posted on November 23, 2020 by Tom Spring

VMware explained it has no patch for a critical escalation-of-privileges bug that impacts both Windows and Linux operating systems and its Workspace One. Continue reading Critical VMware Zero-Day Bug Allows Command Injection; Patch Pending→

Posted on September 17, 2020 by Tara Seals

Mozi’s spike comes amid a huge increase in overall IoT botnet activity. Continue reading Mozi Botnet Accounts for Majority of IoT Traffic→

Posted on July 17, 2019 by Tom Spring

Lenovo, Acer and five additional server manufacturers are hit with supply-chain bugs buried in motherboard firmware. Continue reading Firmware Bugs Plague Server Supply Chain, 7 Vendors Impacted→

Posted on April 26, 2019 by Tara Seals

Posted on April 9, 2019 by Lindsey O'Donnell

A high-severity flaw in the Verizon Fios Quantum Gateway, used in millions of U.S. homes, could allow for command injection. Continue reading Verizon Router Command Injection Flaw Impacts Millions→

Posted on February 7, 2019 by Lucian Constantin

A security researcher from security firm Trustwave has found a vulnerability that could allow hackers to take over videoconferencing devices made by Lifesize. Some of the affected products have reached end-of-sale or end-of-support, but are still wide… Continue reading Serious Vulnerability Found in Lifesize Business Videoconferencing Devices→

Posted on April 25, 2018 by Tom Spring

Default configuration of WD’s My Cloud storage device keeps port open for unprivileged data exfiltration within a network. Continue reading Western Digital My Cloud EX2 NAS Device Leaks Files→