Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Hackers Abusing Windows Search Feature to Install Remote Access Trojans

A legitimate Windows search feature is being exploited by malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT. The novel attack technique, per Trellix, takes advantage of the "search-ms:" URI protocol handler, which offers the ability for applications and HTML links to launch custom local

The Hacker News
Open in Source
#web#windows#microsoft#git#java#perl#pdf#The Hacker News
Microsoft Patch Tuesday July 2023: Vulristics improvements, Office RCE, SFB SmartScreen and Outlook, EoP MSHTML and ERS, other RCEs

Hello everyone! This episode will be about Microsoft Patch Tuesday for July 2023, including vulnerabilities that were added between June and July Patch Tuesdays. Alternative video link (for Russia): https://vk.com/video-149273431_456239131 As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. Vulristics improvements I optimized the detection of the vulnerable product and the type […]

How Apple fixed what Microsoft hasn't, with Thomas Reed: Lock and Code S04E16

Categories: Podcast This week on Lock and Code, we speak with Thomas Reed about how Apple was able to previously address a security loophole that still persists on Windows, and what both companies get wrong (and right) about security. (Read more...) The post How Apple fixed what Microsoft hasn't, with Thomas Reed: Lock and Code S04E16 appeared first on Malwarebytes Labs.

CVE-2023-3990: 政务版存在xss跨站脚本攻击 · Issue #I7K4DQ · 铭飞/MCMS - Gitee.com

A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-235611.

Red Hat Security Advisory 2023-4226-01

Red Hat Security Advisory 2023-4226-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.6.

XLAgenda 4.4 Cross Site Request Forgery

XLAgenda version 4.4 suffers from a cross site request forgery vulnerability.

WonderCMS 0.6-Beta Password Disclosure

WonderCMS version 0.6-Beta suffers from a password disclosure vulnerability.

xForUp Simple File Uploader 1.0 SQL Injection

xForUp Simple File Uploader version 1.0 suffers from a remote SQL injection vulnerability.

B-OBEC V.092019 SQL Injection

B-OBEC version V.092019 suffers from a remote SQL injection vulnerability.

BMIT BMS 2.1 SQL Injection

BMIT BMS version 2.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.