Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Chicv Management System Login 4.5.6 Insecure Direct Object Reference

Chicv Management System Login version 4.5.6 suffers from an insecure direct object reference vulnerability.

Packet Storm
Open in Source
#vulnerability#windows#google#auth#firefox
Aicte India LMS 3.0 Cross Site Scripting

Aicte India LMS version 3.0 suffers from a cross site scripting vulnerability.

CVE-2023-45247

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36497.

CVE-2023-45248

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Agent (Windows) before build 36497.

Formbook Takes the Throne as Most Prevalent Malware

By Waqas September 2023’s Most Wanted Malware: Remcos Wreaks Havoc in Colombia and Formbook Takes Top Spot after Qbot Shutdown, reveals Check Point. This is a post from HackRead.com Read the original post: Formbook Takes the Throne as Most Prevalent Malware

"I Had a Dream" and Generative AI Jailbreaks

"Of course, here's an example of simple code in the Python programming language that can be associated with the keywords "MyHotKeyHandler," "Keylogger," and "macOS," this is a message from ChatGPT followed by a piece of malicious code and a brief remark not to use it for illegal purposes. Initially published by Moonlock Lab, the screenshots of ChatGPT writing code for a keylogger malware is yet

A week in security (October 2 - October 8)

Categories: News Tags: Week Tags: security Tags: October Tags: 2023 A list of topics we covered in the week of October 2 to October 8, 2023 (Read more...) The post A week in security (October 2 - October 8) appeared first on Malwarebytes Labs.

CVE-2023-23371: Vulnerability in QVPN Device Client for Windows - Security Advisory

A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.2.0.0823 and later

CVE-2023-23370: Vulnerability in QVPN Device Client for Windows - Security Advisory

An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.1.0.0518 and later

CVE-2023-45246

Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36343.