Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-25168 PUBLISHED: 2023-02-09
Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an attacker must have an exis...
CVE-2023-0249 PUBLISHED: 2023-02-08
Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.
CVE-2023-0250 PUBLISHED: 2023-02-08
Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code.
CVE-2023-0251 PUBLISHED: 2023-02-08
Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely execute arbitrary code.
CVE-2022-38777 PUBLISHED: 2023-02-08
An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.
User Rank: Apprentice
1/22/2014 | 4:23:17 PM
Isn't BlackPOS Windows malware? At least I thought it was. Perhaps I'm mistaken. If it is Windows malware, what difference does it make that they didn't compromise POS systems or store controllers running Windows? Either way they still compromised Windows.
I guess it's probably worse if they compromised payment servers since by design, they should be even more critically protected than an individual POS as they are a much higher value target.