ZDI-24-023: Trend Micro Apex Central Cross-Site Scripting Remote Code Execution Vulnerability | allinfosecnews.com

Jan. 10, 2024, 6 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 6.1. The following CVEs are assigned: CVE-2023-52326.

apex apex central arbitrary code attackers code code execution cross-site cvss exploit file malicious micro page rating remote code remote code execution scripting target trend trend micro vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-427: Adobe Acrobat Reader DC AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability 22 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +17

ZDI-24-426: Adobe Acrobat Reader DC AcroForm Use-After-Free Information Disclosure Vulnerability 22 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +19

ZDI-24-425: Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability 22 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +18

ZDI-24-424: Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability 22 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +18

ZDI-24-423: Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability 22 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +18

ZDI-24-422: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability 22 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +18

ZDI-24-421: SonicWALL GMS Virtual Appliance ECMClientAuthenticator Hard-Coded Credential Authentication Bypass Vulnerability 22 hours ago | www.zerodayinitiative.com

attackers authentication authentication bypass bypass +14

ZDI-24-420: SonicWALL GMS Virtual Appliance ECMPolicy XML External Entity Processing Information Disclosure Vulnerability 22 hours ago | www.zerodayinitiative.com

attackers authentication can cve +19

ZDI-24-419: (Pwn2Own) Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability 6 days, 22 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +18

Red Team Penetration Tester and Operator, Junior

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)

View on infosec-jobs.com

Director, Security Operations & Risk Management

@ Live Nation Entertainment | Toronto, ON

View on infosec-jobs.com

IT and Security Specialist APAC (F/M/D)

@ Flowdesk | Singapore, Singapore, Singapore

View on infosec-jobs.com

Senior Security Controls Assessor

@ Capgemini | Washington, DC, District of Columbia, United States; McLean, Virginia, United States

View on infosec-jobs.com

GRC Systems Solution Architect

@ Deloitte | Midrand, South Africa

View on infosec-jobs.com

Cybersecurity Subject Matter Expert (SME)

@ SMS Data Products Group, Inc. | Fort Belvoir, VA, United States

View on infosec-jobs.com