
Tag

#windows

ImpressionTech CMS 1.4 SQL Injection

ImpressionTech CMS version 1.4 suffers from a remote SQL injection vulnerability.

Packet Storm
#sql #vulnerability #web #windows #google #php #auth #firefox
Impress CMS 1.3.9 Open Redirection

Impress CMS version 1.3.9 suffers from an open redirection vulnerability.

ImgHosting 1.3 HTML Injection

ImgHosting version 1.3 suffers from an HTML injection vulnerability.

Humhub 1.3.13 Shell Upload

Humhub version 1.3.13 suffers from a remote shell upload vulnerability.

CVE-2023-4749: 【CVE-2023-4749】Open Source AMPLE Inventory Management System v1.0 by mayuri_k has a File Inclusion Vulnerability

A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238638 is the identifier assigned to this vulnerability.

A week in security (August 28 - September 3)

A list of topics we covered in the week of August 28 to September 3, 2023. The post A week in security (August 28 - September 3) appeared first on Malwarebytes Labs.

PoC Exploit Released for Critical VMware Aria's SSH Auth Bypass Vulnerability

Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight). The flaw, tracked as CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication bypass due to a lack of unique cryptographic key generation. “A

CVE-2023-4736: patch 9.0.1833: [security] runtime file fixes · vim/vim@816fbcc

Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.

Microsoft Windows Kernel Use-After-Free

Microsoft Windows Kernel renaming layered keys does not reference count security descriptors, leading to a use-after-free condition.

PlayTube 3.0.1 Information Disclosure

PlayTube version 3.0.1 suffers from an information leakage vulnerability.