Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-1003: Typora on Windows fails to properly filter WSH JScript, which may result in code execution · Issue #5623 · typora/typora-issues

A vulnerability, which was classified as critical, was found in Typora up to 1.5.5. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.8 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221736.

CVE
Open in Source
#vulnerability#windows#js#perl
CVE-2023-24775: member.memberLevel#selectFields[value] has sql injection vulnerability · Issue #9 · funadmin/funadmin

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php.

Chinese Sharp Panda Group Unleashes SoulSearcher Malware

By Waqas Currently, in its cyber espionage campaign, Sharp Panda hackers are targeting government entities in Asia. This is a post from HackRead.com Read the original post: Chinese Sharp Panda Group Unleashes SoulSearcher Malware

Remcos RAT Spyware Scurries Into Machines via Cloud Servers

Attackers use phishing emails that appear to come from reputable organizations, dropping the payload using public cloud servers and an old Windows UAC bypass technique.

CVE-2015-10087: Offensive Security’s Exploit Database Archive

** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 53f6ae62878076f99718e5feb589928e83c879a9. It is recommended to apply a patch to fix this issue. The identifier VDB-221809 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2023-24781: member.memberLevel#selectFields[name] has sql injection vulnerability · Issue #8 · funadmin/funadmin

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php.

SYS01stealer: New Threat Using Facebook Ads to Target Critical Infrastructure Firms

Cybersecurity researchers have discovered a new information stealer dubbed SYS01stealer targeting critical government infrastructure employees, manufacturing companies, and other sectors. "The threat actors behind the campaign are targeting Facebook business accounts by using Google ads and fake Facebook profiles that promote things like games, adult content, and cracked software, etc. to lure