Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Persistence – Explorer

Windows File Explorer is the is the graphical file management utility for the Windows operating system and the default desktop environment. Windows explorer was introduced… Continue reading → Persistence – Explorer

Pentestlab
Open in Source
#web#windows#linux#git
GHSA-r8w9-5wcg-vfj7: Mio's tokens for named pipes may be delivered after deregistration

### Impact When using named pipes on Windows, mio will under some circumstances return invalid tokens that correspond to named pipes that have already been deregistered from the mio registry. The impact of this vulnerability depends on how mio is used. For some applications, invalid tokens may be ignored or cause a warning or a crash. On the other hand, for applications that store pointers in the tokens, this vulnerability may result in a use-after-free. For users of Tokio, this vulnerability is serious and can result in a use-after-free in Tokio. The vulnerability is Windows-specific, and can only happen if you are using named pipes. Other IO resources are not affected. ### Affected versions This vulnerability has been fixed in mio v0.8.11. All versions of mio between v0.7.2 and v0.8.10 are vulnerable. Tokio is vulnerable when you are using a vulnerable version of mio AND you are using at least Tokio v1.30.0. Versions of Tokio prior to v1.30.0 will ignore invalid tokens, so they...

GHSA-r4pf-3v7r-hh55: electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)

### Impact Windows-Only: The NSIS installer makes a system call to open cmd.exe via NSExec in the `.nsh` installer script. NSExec by default searches the current directory of where the installer is located before searching `PATH`. This means that if an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file. ### Patches Fixed in https://github.com/electron-userland/electron-builder/pull/8059 ### Workarounds None, it executes at the installer-level before the app is present on the system, so there's no way to check if it exists in a current installer. ### References https://cwe.mitre.org/data/definitions/426.html https://cwe.mitre.org/data/definitions/427

Petrol Pump Management System 1.0 Shell Upload

Petrol Pump Management System version 1.0 suffers from a remote shell upload vulnerability. This is a variant vector of attack in comparison to the original discovery attributed to SoSPiro in February of 2024.

Petrol Pump Management Software 1.0 SQL Injection

Petrol Pump Management Software version 1.0 suffers from a remote SQL injectionvulnerability.

Petrol Pump Management Software 1.0 Cross Site Scripting

Petrol Pump Management Software version 1.0 suffers from multiple cross site scripting vulnerabilities.

SumatraPDF 3.5.2 DLL Hijacking

SumatraPDF version 3.5.2 suffers from a DLL hijacking vulnerability using CRYPTBASE.DLL. DLL hijacking in this version was already discovered by Ravishanka Silva in February of 2024 but the findings did not include this DLL.

Boss Mini 1.4.0 Local File Inclusion

Boss Mini version 1.4.0 suffers from a local file inclusion vulnerability.

A-PDF All To MP3 Converter 2.0.0 Overflow

A-PDF All to MP3 Converter version 2.0.0 overflow exploit with DEP Bypass with HeapCreate + HeapAlloc + some_memory_copy_function ROP chain.

BoidCMS 2.0.0 Command Injection

This Metasploit module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS versions 2.0.0 and below. BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file.