Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CMS Ultimate Solutions DreamSus 1.4 Shell Upload

CMS Ultimate Solutions DreamSus version 1.4 suffers from a remote shell upload vulnerability.

Packet Storm
Open in Source
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#google#ubuntu#linux#debian#cisco#java#php#perl#auth#ruby#firefox
Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks

Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, with the issues remediated in versions 1.8.3.7 and 1.8.4.9 released by Atera on April 17, 2023, and

Banking Sector Targeted in Open-Source Software Supply Chain Attacks

Cybersecurity researchers said they have discovered what they say is the first open-source software supply chain attacks specifically targeting the banking sector. "These attacks showcased advanced techniques, including targeting specific components in web assets of the victim bank by attaching malicious functionalities to it," Checkmarx said in a report published last week. "The attackers

A week in security (July 17 - 23)

Categories: News Tags: week in security Tags: malwarebytes Tags: July Tags: 2023 A list of topics we covered in the week of July 17 to July 23 of 2023 (Read more...) The post A week in security (July 17 - 23) appeared first on Malwarebytes Labs.

CVE-2023-38195: CVE-2023-38195 Security issue when using external (SQL Server or PostgreSQL) metadata storage · Issue #1886 · datalust/seq-tickets

Datalust Seq before 2023.2.9489 allows insertion of sensitive information into an externally accessible file or directory. This is exploitable only when external (SQL Server or PostgreSQL) metadata storage is used. Exploitation can only occur from a high-privileged user account.

CVE-2023-35077: Ivanti Community

An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or above.

CVE-2023-25840: ArcGIS Server Security 2023 Update 1 Patch available!

There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but could potentially render an image in the victims browser.  The privileges required to execute this attack are high.

Azure AD Token Forging Technique in Microsoft Attack Extends Beyond Outlook, Wiz Reports

The recent attack against Microsoft's email infrastructure by a Chinese nation-state actor referred to as Storm-0558 is said to have a broader scope than previously thought. According to cloud security company Wiz, the inactive Microsoft account (MSA) consumer signing key used to forge Azure Active Directory (Azure AD or AAD) tokens to gain illicit access to Outlook Web Access (OWA) and

WordPress Page Builder KingComposer 2.9.5 Open Redirection

WordPress Page Builder KingComposer plugin version 2.9.5 suffers from an open redirection vulnerability.