Equation

Equation - Equation is a sophisticated threat group that employs multiple remote access tools. The group is known to use zero-day exploits and has developed the capability to overwrite the firmware of hard disk drives. ...
11 months ago Attack.mitre.org

CVE-2024-33997 - Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation. ...
5 months ago

OpenAI's board might have been dysfunctional-but they made the right choice. Their defeat shows that in the battle between AI profits and ethics, it's no contest - The drama around OpenAI, its board, and Sam Altman has been a fascinating story that raises a number of ethical leadership issues. What are the responsibilities that OpenAI's board, Sam Altman, and Microsoft held during these quickly moving events? ...
11 months ago Fortune.com

CVE-2006-4635 - Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in Web_Extensions - ...
7 years ago

CVE-2017-12840 - A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client application 4.8.16 and earlier contains a locally exploitable heap based buffer overflow in the handling of an IOCTL message of type 0x0FA4204. The vulnerability is present due to ...
7 years ago

CVE-2009-1669 - The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. NOTE: some of these ...
7 years ago

Tracking Cybersecurity Progress at Industrial Companies - Although cybersecurity has become a priority at many manufacturing companies, risks have increased at the same time. To better understand how companies are addressing heightened risks, Manufacturers Alliance and Fortinet partnered to study the ...
11 months ago Feeds.fortinet.com

CVE-2020-8912 - A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow ...
4 years ago

CVE-2018-0812 - Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft ...
4 years ago

CVE-2018-0807 - Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft ...
4 years ago

CVE-2018-0848 - Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft ...
4 years ago

CVE-2018-0806 - Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft ...
4 years ago

CVE-2018-0798 - Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption ...
4 years ago

CVE-2018-0802 - Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption ...
4 years ago

CVE-2018-0845 - Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft ...
4 years ago

CVE-2018-0804 - Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft ...
4 years ago

CVE-2018-0805 - Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft ...
4 years ago

CVE-2018-0849 - Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft ...
4 years ago

CVE-2018-0801 - Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code ...
4 years ago

CVE-2018-0862 - Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft ...
4 years ago

CVE-2018-20859 - edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem. ...
4 years ago

Attackers Exploit 6-Year-Old Microsoft Office Bug to Spread Spyware - Attackers are exploiting a 6-year-old Microsoft Office remote code execution flaw to deliver spyware, in an email campaign weaponized by malicious Excel attachments and characterized by sophisticated evasion tactics. Threat actors dangle lures ...
11 months ago Darkreading.com

Developers behaving badly: Why holistic AppSec is key - A recent survey shows that untested software releases, rampant pushing of unvetted and uncontrolled AI-derived code, and bad developer security are all culminating to seriously expand security risks across software development. Add in the explosion ...
11 months ago Securityboulevard.com

Hackers Exploiting Old Microsoft Office RCE Flaw - It has been reported that malicious individuals are utilizing a malware called Agent Tesla to target Microsoft Office users using versions affected by CVE-2017-11882 XLAM. This malware is taking advantage of a remote code execution vulnerability in ...
10 months ago Gbhackers.com

Cyber Employment 2024: Sky-High Expectations Fail Businesses & Job Seekers - Well-publicized estimates of a massive shortfall in cybersecurity workers have resulted in high expectations among job seekers in the field, but the reality often falls flat, because of a mismatch between companies' requirements and job seekers' ...
10 months ago Darkreading.com