Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-24780: Database management plug-in table.php columns-sql injection vulnerability · Issue #6 · funadmin/funadmin

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns.

CVE
Open in Source
#sql#csrf#vulnerability#web#windows#apple#js#java#php#auth#chrome#webkit
Hiatus Campaign Infects DrayTek Routers for Cyber Espionage, Proxy Control

Two novel malware binaries, including "HiatusRAT," offer unique capabilities that point to the need for better security for companies' router infrastructure.

CVE-2023-1003: Typora on Windows fails to properly filter WSH JScript, which may result in code execution · Issue #5623 · typora/typora-issues

A vulnerability, which was classified as critical, was found in Typora up to 1.5.5. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.8 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221736.

CVE-2023-24775: member.memberLevel#selectFields[value] has sql injection vulnerability · Issue #9 · funadmin/funadmin

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php.

Chinese Sharp Panda Group Unleashes SoulSearcher Malware

By Waqas Currently, in its cyber espionage campaign, Sharp Panda hackers are targeting government entities in Asia. This is a post from HackRead.com Read the original post: Chinese Sharp Panda Group Unleashes SoulSearcher Malware

Remcos RAT Spyware Scurries Into Machines via Cloud Servers

Attackers use phishing emails that appear to come from reputable organizations, dropping the payload using public cloud servers and an old Windows UAC bypass technique.

CVE-2015-10087: Offensive Security’s Exploit Database Archive

** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 53f6ae62878076f99718e5feb589928e83c879a9. It is recommended to apply a patch to fix this issue. The identifier VDB-221809 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.