Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-34865: There is a remote code execution (RCE) vulnerability exists in ujcms v6.0.2 · Issue #5 · ujcms/ujcms

Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename feature.

CVE
Open in Source
#vulnerability#web#windows#linux#js#git#java#rce
CVE-2021-31280: tp5cms v1.0.0 has XSS vulnerability · Issue #8 · fmsdwifull/tp5cms

An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the keywords parameter.

How Popular Messaging Tools Instill a False Sense of Security

It's time to include messaging tool security in your cloud security program. Good first steps include tightening filter parameters on Slack and Teams.

Insights Into Nation-State Tactics: Lessons From Russia's Hybrid War In Ukraine

By paying attention to emerging threat intelligence, security leaders can be better prepared to defend against similar attack vectors in the future.

Microsoft Fixes 69 Bugs, but None Are Zero-Days

The June 2023 Patch Tuesday security update included fixes for a bypass for two previously addressed issues in Microsoft Exchange and a critical elevation of privilege flaw in SharePoint Server.

New Golang-based Skuld Malware Stealing Discord and Browser Data from Windows PCs

A new Golang-based information stealer called Skuld has compromised Windows systems across Europe, Southeast Asia, and the U.S. "This new malware strain tries to steal sensitive information from its victims," Trellix researcher Ernesto Fernández Provecho said in a Tuesday analysis. "To accomplish this task, it searches for data stored in applications such as Discord and web browsers; information

Fake Researcher Profiles Spread Malware through GitHub Repositories as PoC Exploits

At least half of dozen GitHub accounts from fake researchers associated with a fraudulent cybersecurity company have been observed pushing malicious repositories on the code hosting service. All seven repositories, which are still available as of writing, claim to be a proof-of-concept (PoC) exploit for purported zero-day flaws in Discord, Google Chrome, and Microsoft Exchange. VulnCheck, which

CVE-2023-0837: TV-2023-1001

An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings even though the options were locked. This can result in unwanted changes to the configuration.

Microsoft Releases Updates to Patch Critical Flaws in Windows and Other Software

Microsoft has rolled out fixes for its Windows operating system and other software components to remediate major security shortcomings as part of Patch Tuesday updates for June 2023. Of the 73 flaws, six are rated Critical, 63 are rated Important, two are rated Moderated, and one is rated Low in severity. This also includes three issues the tech giant addressed in its Chromium-based Edge browser

Microsoft fixes six critical vulnerabilities in June Patch Tuesday

Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: patch Tuesday Tags: CVE-2023-29357 Tags: CVE-2023-29363 Tags: CVE-2023-32014 Tags: CVE-2023-32015 Tags: CVE-2023-32013 Tags: CVE-2023-24897 Tags: CVE-2023-32031 Tags: SharePoint Tags: PGM Tags: Exchange Tags: Hyper-V Patch Tuesday of June 2023 is relatively relaxed. No actively exploited zero-days and only six critical vulnerabilities. (Read more...) The post Microsoft fixes six critical vulnerabilities in June Patch Tuesday appeared first on Malwarebytes Labs.