Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-40036: Improper Authorization In /adminGetUserList · Issue #5 · rawchen/blog-ssm

An issue was discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component.

CVE
Open in Source
#vulnerability#mac#windows#linux#git#auth#chrome#firefox
CVE-2022-40037: Unrestricted Upload of File with Dangerous Type In /upFile · Issue #2 · rawchen/blog-ssm

An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to escalate privileges and execute arbitrary commands via the component /upFile.

CVE-2022-38758: NetIQ iManager 3.2 Service Pack 6 Release Notes

Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL.

CVE-2021-36686: Stored XSS in remarks of the interface · Issue #2190 · YMFE/yapi

Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page.

CVE-2021-41988: Vulnerability-Disclosures/MNDT-2023-0002.md at master · mandiant/Vulnerability-Disclosures

Qlik NPrinting Designer through 21.14.3.0 creates a Temporary File in a Directory with Insecure Permissions.

CVE-2021-41989: Vulnerability-Disclosures/MNDT-2023-0001.md at master · mandiant/Vulnerability-Disclosures

Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Directory with Insecure Permissions.

CVE-2022-38775: Security issues

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

New Python Malware Targeting Windows Devices

By Deeba Ahmed Dubbed PY#RATION by researchers; the new Python malware is equipped with RAT behaviour and info-stealing capabilities. This is a post from HackRead.com Read the original post: New Python Malware Targeting Windows Devices

CVE-2022-41141: ZDI-22-1300

This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16859.

Congratulations to the Top MSRC 2022 Q4 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q4 Security Researcher Leaderboard are: goodbyeselene, Jarvis_1oop, and kap0k! Check out the full list of researchers recognized this quarter here. … Congratulations to the Top MSRC 2022 Q4 Security Researchers! Read More »