#windows

iSmile Soft CMS 0.3.0 Add Administrator

iSmile Soft CMS version 0.3.0 suffers from an add administrator vulnerability.

Packet Storm
#vulnerability #windows #google #php #auth #firefox

islamnt CMS 2.1.0 Add Administrator

islamnt CMS version 2.1.0 suffers from an add administrator vulnerability.

islamnt CMS 2.1.0 Cross Site Scripting

islamnt CMS version 2.1.0 suffers from a cross site scripting vulnerability.

N-Able's Take Control Agent Vulnerability Exposes Windows Systems to Privilege Escalation

A high-severity security flaw has been disclosed in N-Able's Take Control Agent that could be exploited by a local unprivileged attacker to gain SYSTEM privileges. Tracked as CVE-2023-27470 (CVSS score: 8.8), the issue relates to a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability, which, when successfully exploited, could be leveraged to delete arbitrary files on a Windows

CVE-2023-4814

A privilege escalation vulnerability exists in Trellix Windows DLP endpoint for Windows which can be abused to delete any file/folder for which the user does not have permission.

FBI Hacker Dropped Stolen Airbus Data on 9/11

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle "USDoD" had infiltrated the FBI's vetted information sharing network InfraGard, and was selling the contact information for all 80,000 members. The FBI responded by reverifying all InfraGard members and by seizing the cybercrime forum where the data was being sold. But on Sept. 11, 2023, USDoD resurfaced after a lengthy absence to leak sensitive employee data stolen from the aerospace giant Airbus, while promising to visit the same treatment on top U.S. defense contractors.

CVE-2023-3280: Cortex XDR Agent: Local Windows User Can Disable the Agent

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.

Blood Bank And Donor Management System 2.2 Cross Site Scripting

Blood Bank and Donor Management System version 2.2 suffers from a persistent cross site scripting vulnerability.