Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Beware: Fake Exploit for WinRAR Vulnerability on GitHub Infects Users with VenomRAT

A malicious actor released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability on GitHub with an aim to infect users who downloaded the code with VenomRAT malware. "The fake PoC meant to exploit this WinRAR vulnerability was based on a publicly available PoC script that exploited a SQL injection vulnerability in an application called GeoServer, which is tracked as

The Hacker News
Open in Source
#sql#vulnerability#web#windows#git#rce#The Hacker News
CVE-2023-38718: Security Bulletin: IBM Robotic Process Automation could disclose sensitive information from access to RPA scripts, workflows and related data (CVE-2023-38718)

IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606.

CVE-2023-2508: Mobility Print release history | PaperCut

The `PaperCutNG Mobility Print` version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host (in the "configure printer discovery" section). This is possible because the application has no protections against CSRF attacks, like Anti-CSRF tokens, header origin validation, samesite cookies, etc.

Lamano CMS 2.0 Cross Site Request Forgery

Lamano CMS version 2.0 suffers from a cross site request forgery vulnerability.

CVE-2023-5042

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713.

Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys

Cybersecurity researchers have discovered a fresh batch of malicious packages in the npm package registry that are designed to exfiltrate Kubernetes configurations and SSH keys from compromised machines to a remote server. Sonatype said it has discovered 14 different npm packages so far: @am-fe/hooks, @am-fe/provider, @am-fe/request, @am-fe/utils, @am-fe/watermark, @am-fe/watermark-core,

CVE-2023-43621: security - croc: multiple issues in file sharing utility

An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all processes and their arguments.

Trend Micro Releases Urgent Fix for Actively Exploited Critical Security Vulnerability

Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively exploited in real-world attacks. Tracked as CVE-2023-41179 (CVSS score: 9.1), it relates to a third-party antivirus uninstaller module that's bundled along with the software. The complete list of impacted

CVE-2023-36319: GitHub - Lowalu/CVE-2023-36319: exp4CVE-2023-36319

File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file.

CVE-2020-24089: GitHub - rjt-gupta/CVE-2020-24089: Windows Privilege Escalation: IOBit Malware Fighter v8.0.2

An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows local attackers to cause a denial of service (DoS).