Tag
#windows
The issue concerns the boot layer of ARM chips, which are driving a low-power mobile ecosystem that includes 5G smartphones and base stations.
An issue in Inkdrop v5.4.1 allows attackers to execute arbitrary commands via uploading a crafted markdown file.
Sourcecodester Dynamic Transaction Queuing System v1.0 is vulnerable to SQL Injection via /queuing/index.php?page=display&id=.
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This vulnerability affected all versions of GitHub Enterprise Server prior to version 3.7 and was fixed in versions 3.3.16, 3.4.11, 3.5.8, and 3.6.4. This vulnerability was reported via the GitHub Bug Bounty program.
Deck is a kanban-style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body if they click on a malicious deep link on a Windows computer (e.g. in an email, chat link, etc.). There are currently no known workarounds. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.2.
Eatself version 1.1.5 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Excel Net Computer Institute version 4.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
The most interesting security related news from the week of January 1 to 8. The post A week in security (January 1 - 8) appeared first on Malwarebytes Labs.
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows up to 4.x. It has been rated as critical. This issue affects the function ComputeCountSql of the file SalesforceSDK/SmartStore/Store/QuerySpec.cs. The manipulation leads to SQL injection. Upgrading to version 5.0.0 is able to address this issue. The name of the patch is 83b3e91e0c1e84873a6d3ca3c5887eb5b4f5a3d8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217619. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.