Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

RSA NetWitness Endpoint EDR Agent 12.x Incorrect Access Control / Code Execution

RSA NetWitness Endpoint EDR Agent version 12.x suffers from incorrect access controls that allow for code execution. It allows local users to stop the Endpoint Windows agent from sending the events to a SIEM or make the agent run user-supplied commands.

Packet Storm
Open in Source
#vulnerability#web#windows#dos#redis#auth
Threat Roundup for March 17 to March 24

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 17 and March 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

Online Graduate Tracer System 1.0 SQL Injection

Online Graduate Tracer System version 1.0 suffers from a remote SQL injection vulnerability.

Sales Tracker Management System 1.0 Cross Site Scripting

Sales Tracker Management System version 1.0 suffers from a cross site scripting vulnerability.

CVE-2023-27242: Loan-Management-System/README.md at main · kaikai-11/Loan-Management-System

SourceCodester Loan Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Type parameter under the Edit Loan Types module.

Researchers Uncover Chinese Nation State Hackers' Deceptive Attack Strategies

A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing security solutions. The threat actor, active since at least 2012, is tracked by the broader cybersecurity community under Bronze President, HoneyMyte, Mustang Panda, RedDelta, and Red Lich. Attack chains mounted by the group commence with a

CVE-2023-28303: Windows Snipping Tool Information Disclosure Vulnerability

**According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?** When an existing image is partially overwritten, an attacker may be able to recover parts of the original image through the use of a special tool.

CVE-2023-1612: SQL injection vulnerability exists in the /files/list-file interface of the rebuild system · Issue #598 · getrebuild/rebuild

A vulnerability, which was classified as critical, was found in Rebuild up to 3.2.3. This affects an unknown part of the file /files/list-file. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-223743.

CVE-2023-24788: CVE/CVE-2023-24788.md at main · arvandy/CVE

RESERVED NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php.

CVE-2023-1610: SQL injection vulnerability exists in the /project/tasks/list interface of the rebuild system · Issue #597 · getrebuild/rebuild

A vulnerability, which was classified as critical, has been found in Rebuild up to 3.2.3. Affected by this issue is some unknown functionality of the file /project/tasks/list. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-223742 is the identifier assigned to this vulnerability.