Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Simple Inventory Management System 1.0 SQL Injection

Simple Inventory Management System version 1.0 suffers from a remote SQL injection vulnerability.

Packet Storm
#sql#vulnerability#windows#google#php#auth
Flashcard Quiz App 1.0 SQL Injection

Flashcard Quiz App version 1.0 suffers from a remote SQL injection vulnerability.

FAQ Management System 1.0 SQL Injection

FAQ Management System version 1.0 suffers from a remote SQL injection vulnerability.

Backdoor.Win32.AutoSpy.10 MVID-2024-0671 Remote Command Execution

Backdoor.Win32.AutoSpy.10 malware suffers from a remote command execution vulnerability.

Russian Ministry Software Backdoored with North Korean KONNI Malware

By Waqas Friend or Foe? This is a post from HackRead.com Read the original post: Russian Ministry Software Backdoored with North Korean KONNI Malware

Tosibox Key Service 3.3.0 Local Privilege Escalation / Unquoted Service Path

Tosibox Key Service versions 3.3.0 and below suffer from an unquoted search path issue impacting the service Tosibox Key Service for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.

ConnectWise ScreenConnect 23.9.7 Unauthenticated Remote Code Execution

This Metasploit module exploits an authentication bypass vulnerability that allows an unauthenticated attacker to create a new administrator user account on a vulnerable ConnectWise ScreenConnect server. The attacker can leverage this to achieve remote code execution by uploading a malicious extension module. All versions of ScreenConnect version 23.9.7 and below are affected.

Tosibox Key Service 3.3.0 Local Privilege Escalation

The application suffers from an unquoted search path issue impacting the service 'Tosibox Key Service' for Windows deployed as part of Tosibox software application. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

Here Are the Secret Locations of ShotSpotter Gunfire Sensors

The locations of microphones used to detect gunshots have been kept hidden from police and the public. A WIRED analysis of leaked coordinates confirms arguments critics have made against the technology.

Bluzelle’s Curium App Makes Crypto Earning Effortless

By Uzair Amir Meet Curium by Bluzelle, a new Miner Pool app. This is a post from HackRead.com Read the original post: Bluzelle’s Curium App Makes Crypto Earning Effortless