Tag

#windows

Humhub 1.3.13 Shell Upload

Humhub version 1.3.13 suffers from a remote shell upload vulnerability.

Packet Storm
#vulnerability #windows #google #php #auth #firefox
CVE-2023-4749: 【CVE-2023-4749】Open Source AMPLE Inventory Management System v1.0 by mayuri_k has a File Inclusion Vulnerability

A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238638 is the identifier assigned to this vulnerability.

A week in security (August 28 - September 3)

A list of topics we covered in the week of August 28 to September 3, 2023. The post A week in security (August 28 - September 3) appeared first on Malwarebytes Labs.

PoC Exploit Released for Critical VMware Aria's SSH Auth Bypass Vulnerability

Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight). The flaw, tracked as CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication bypass due to a lack of unique cryptographic key generation. “A

CVE-2023-4736: patch 9.0.1833: [security] runtime file fixes · vim/vim@816fbcc

Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.

Microsoft Windows Kernel Use-After-Free

Microsoft Windows Kernel renaming layered keys does not reference count security descriptors, leading to a use-after-free condition.

PlayTube 3.0.1 Information Disclosure

PlayTube version 3.0.1 suffers from an information leakage vulnerability.

Clcknshop 1.0.0 SQL Injection

Clcknshop version 1.0.0 suffers from a remote SQL injection vulnerability.

Clcknshop 1.0.0 Cross Site Scripting

Clcknshop version 1.0.0 suffers from a cross site scripting vulnerability.

CVE-2023-40980: Arbitrary file uploads exist · Issue #107 · wkeyuan/DWSurvey

File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file.