#windows

Security researchers set up a remote machine and recorded every move cybercriminals made—including their login details.

PHPJabbers Vacation Rental Script version 4.0 suffers from a cross site request forgery vulnerability.

Lucee version 5.4.2.17 suffers from a cross site scripting vulnerability.

eHato CMS version 1.0 suffers from a cross site scripting vulnerability.

Dexx CMS HTML and Site Builder version 2.2.3 suffers from cross site scripting and arbitrary file upload vulnerabilities.

DevSoft Arge Bilişim CMS version 1.0.0 suffers from a cross site scripting vulnerability.

Desenvolvido Buscazip Guiaking CMS version 1.0 suffers from a cross site scripting vulnerability.

Deprixa version 3.2.5 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Datoo Complete Dating Script version 1.0 suffers from an html injection vulnerability.

# Microsoft Security Advisory CVE-2023-35390: .NET Remote Code Execution Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists when some dotnet commands are used in directories with weaker permissions which can result in remote code execution. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/266 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any .NET 7.0.1xx SDK 7.0.109 or earlier. * Any .NET 7.0.3xx SDK 7.0.306 or earlier. * Any .NET 6.0.1xx SDK 6.0.120 or earlier. * Any .NET 6.0.3xx SDK 6.0.315 or earlier. * A...