#windows

CMSctweb Creative version 1.0 suffers from a cross site scripting vulnerability.

CMS Ultimate Solutions DreamSus version 1.4 suffers from a cross site scripting vulnerability.

WordPress Page Builder KingComposer plugin version 2.9.6 suffers from an open redirection vulnerability.

WordPress Image Optimization plugin version 3.8.2 suffers from an open redirection vulnerability.

CMS Ultimate Solutions DreamSus version 1.4 suffers from a remote shell upload vulnerability.

Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, with the issues remediated in versions 1.8.3.7 and 1.8.4.9 released by Atera on April 17, 2023, and

Cybersecurity researchers said they have discovered what they say is the first open-source software supply chain attacks specifically targeting the banking sector. "These attacks showcased advanced techniques, including targeting specific components in web assets of the victim bank by attaching malicious functionalities to it," Checkmarx said in a report published last week. "The attackers

Categories: News Tags: week in security Tags: malwarebytes Tags: July Tags: 2023 A list of topics we covered in the week of July 17 to July 23 of 2023 (Read more...) The post A week in security (July 17 - 23) appeared first on Malwarebytes Labs.

Datalust Seq before 2023.2.9489 allows insertion of sensitive information into an externally accessible file or directory. This is exploitable only when external (SQL Server or PostgreSQL) metadata storage is used. Exploitation can only occur from a high-privileged user account.

An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or above.