Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Night Club Booking Software 1.0 Cross Site Scripting

Night Club Booking Software version 1.0 suffers from a cross site scripting vulnerability.

Packet Storm
Open in Source
#xss#vulnerability#web#mac#windows#apple#google#git#php#auth#chrome#webkit
N-Able's Take Control Agent Vulnerability Exposes Windows Systems to Privilege Escalation

A high-severity security flaw has been disclosed in N-Able's Take Control Agent that could be exploited by a local unprivileged attacker to gain SYSTEM privileges. Tracked as CVE-2023-27470 (CVSS score: 8.8), the issue relates to a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability, which, when successfully exploited, could be leveraged to delete arbitrary files on a Windows

CVE-2023-4814

A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to.

FBI Hacker Dropped Stolen Airbus Data on 9/11

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle "USDoD" had infiltrated the FBI's vetted information sharing network InfraGard, and was selling the contact information for all 80,000 members. The FBI responded by reverifying all InfraGard members and by seizing the cybercrime forum where the data was being sold. But on Sept. 11, 2023, USDoD resurfaced after a lengthy absence to leak sensitive employee data stolen from the aerospace giant Airbus, while promising to visit the same treatment on top U.S. defense contractors.

CVE-2023-3280: CVE-2023-3280 Cortex XDR Agent: Local Windows User Can Disable the Agent

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.

Blood Bank And Donor Management System 2.2 Cross Site Scripting

Blood Bank and Donor Management System version 2.2 suffers from a persistent cross site scripting vulnerability.

Kleeja 1.5.4 Cross Site Scripting

Kleeja version 1.5.4 suffers from a cross site scripting vulnerability.

K-LOANS 1.4.5 Insecure Settings

K-LOANS version 1.4.5 suffers from an ignored default credential vulnerability.

Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints

Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes. Fixes for the vulnerabilities were released on August