Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

GHSA-fwj4-72fm-c93g: Under-validated ComSpec and cmd.exe resolution in Mutagen projects

### Impact Mutagen projects offer shell-based execution functionality. On Windows, the shell is resolved using the standard `%ComSpec%` mechanism, with a fallback to a `%PATH%`-based search for `cmd.exe`. While this is the standard practice on Windows systems, it presents somewhat risky behavior. Firstly, `%ComSpec%` could, in theory, be set maliciously. Unfortunately, there's not much that can be done to prevent this attack surface, because `%ComSpec%` is the official mechanism for shell specification on Windows. We can, however, validate that it points to an absolute path, which one would expect for a properly set value. Secondly, a fallback to a relative `cmd.exe` path, resolved via `%PATH%`, could be risky. The risk is largely mitigated by changes in Go 1.19 and later, but prior to that a malicious `cmd.exe` could been resolved in the current working directory. To mitigate this issue, Mutagen now uses the `%SystemRoot%` environment variable (also validated to be an absolut...

ghsa
Open in Source
#windows#git#perl
CVE-2023-30122: bug_report/RCE-1.md at main · xtxxueyan/bug_report

An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

CVE-2023-25289: OffSec’s Exploit Database Archive

Directory Traversal vulnerability in virtualreception Digital Receptie version win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 in embedded web server, allows attacker to gain sensitive information via a crafted GET request.

CVE-2023-23059

An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges.

CVE-2023-30184: Typecho <= 1.2.0 Comments URL with Stored-XSS Vulnerability · Issue #1546 · typecho/typecho

A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment.

CVE-2023-30203: bug_report/SQLi-2.md at main · debug601/bug_report

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the event_id parameter at /php-jms/result_sheet.php.

Companymaps 8.0 SQL Injection

Companymaps version 8.0 suffers from a remote SQL injection vulnerability.

Companymaps 8.0 Cross Site Scripting

Companymaps version 8.0 suffers from a cross site scripting vulnerability.

GV-Edge Recording Manager 2.2.3.0 Privilege Escalation

GV-Edge Recording Manager version 2.2.3.0 suffers from a privilege escalation vulnerability.

Researchers Uncover New Exploit for PaperCut Vulnerability That Can Bypass Detection

Cybersecurity researchers have found a way to exploit a recently disclosed critical flaw in PaperCut servers in a manner that bypasses all current detections. Tracked as CVE-2023-27350 (CVSS score: 9.8), the issue affects PaperCut MF and NG installations that could be exploited by an unauthenticated attacker to execute arbitrary code with SYSTEM privileges. While the flaw was patched by the