Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-35349: Microsoft Message Queuing Remote Code Execution Vulnerability

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation: The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. You can check to see if there is a service running named **Message Queuing** and TCP port 1801 is listening on the machine.

Microsoft Security Response Center
Open in Source
#vulnerability#mac#windows#microsoft#rce#Windows Message Queuing#Security Vulnerability
CVE-2023-41766: Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2

Summary Summary Beginning in September 2023, Microsoft was notified by industry partners about a newly identified Distributed Denial-of-Service (DDoS) attack technique being used in the wild targeting HTTP/2 protocol. This vulnerability (CVE-2023-44487) impacts any internet exposed HTTP/2 endpoints. As an industry leader, Microsoft promptly opened an investigation and subsequently began working with industry partners for a coordinated disclosure and mitigation plan.

CVE-2023-44812: GitHub - ahrixia/CVE-2023-44812: mooSocial v3.1.8 is vulnerable to cross-site scripting on Admin redirect function.

Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function.

CVE-2023-44813: GitHub - ahrixia/CVE-2023-44813: mooSocial v3.1.8 is vulnerable to cross-site scripting on Invite Friend function.

Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function.

Chicv Management System Login 4.5.6 Insecure Direct Object Reference

Chicv Management System Login version 4.5.6 suffers from an insecure direct object reference vulnerability.

Aicte India LMS 3.0 Cross Site Scripting

Aicte India LMS version 3.0 suffers from a cross site scripting vulnerability.

CVE-2023-45247

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36497.