#windows

The recent attack against Microsoft's email infrastructure by a Chinese nation-state actor referred to as Storm-0558 is said to have a broader scope than previously thought. According to cloud security company Wiz, the inactive Microsoft account (MSA) consumer signing key used to forge Azure Active Directory (Azure AD or AAD) tokens to gain illicit access to Outlook Web Access (OWA) and

WordPress Page Builder KingComposer plugin version 2.9.5 suffers from an open redirection vulnerability.

WordPress ChurcHope Responsive Themes version 4.7.x suffers from a directory traversal vulnerability.

CMS-Bank Mellat Payment Manager version 1.0.0 suffers from a cross site scripting vulnerability.

RaidenFTPD version 2.4.4005 suffers from a buffer overflow vulnerability.

CMS TSS-EST version 1.0.0 from a remote SQL injection vulnerability that allows for authentication bypass.

Foody Friend version 1.0 suffers from an arbitrary file upload vulnerability that can assist in cross site scripting attacks.

CMS Supported IRF-TH version 2.0.6 suffers from a cross site scripting vulnerability.

Wifi Soft Unibox Administration versions 3.0 and 3.1 suffer from a remote SQL injection vulnerability.

CMS SAUDI SOFTECH version 5.0.2 suffers from a remote SQL injection vulnerability.