Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

A whirlwind adventure: Malwarebytes' 15-year journey in business cybersecurity

Categories: Business It's time to buckle up and embark on a whimsical journey through the twists and turns of Malwarebytes' evolution. (Read more...) The post A whirlwind adventure: Malwarebytes' 15-year journey in business cybersecurity appeared first on Malwarebytes Labs.

Malwarebytes
Open in Source
#vulnerability#web#ios#android#mac#windows#linux#zero_day#chrome#ssl
Citrix 22.2.1.103 / 23.1.1.11 Local Privilege Escalation

Citrix versions 22.2.1.103 and 23.1.1.11 suffer from a local privilege escalation vulnerability.

CVE-2023-1412: Windows desktop client · Cloudflare WARP client docs

An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks (oplock) and symbolic links (which can both be created by an unprivileged user). After installing the Cloudflare WARP Client (admin privileges required), an MSI-Installer is placed under C:\Windows\Installer. The vulnerability lies in the repair function of this MSI. ImpactAn unprivileged (non-admin) user can exploit this vulnerability to perform privileged operations with SYSTEM context, including deleting arbitrary files and reading arbitrary file content. This can lead to a variety of attacks, including the manipulation of system files and privilege escalation. PatchesA new installer with a fix that addresses this vulnerability was released in version 2023.3.381.0. While the WARP Client itself is not vulnerable (only the installer), u...

CVE-2022-43664: TALOS-2022-1673 || Cisco Talos Intelligence Group

A use-after-free vulnerability exists within the way Ichitaro Word Processor 2022, version 1.0.1.57600, processes protected documents. A specially crafted document can trigger reuse of freed memory, which can lead to further memory corruption and potentially result in arbitrary code execution. An attacker can provide a malicious document to trigger this vulnerability.

Pentaho BA Server EE 9.3.0.0-428 Server-Side Template Injection / Remote Code Execution

Pentaho BA Server EE version 9.3.0.0-428 suffers from a remote code execution vulnerability via a server-side template injection flaw.

CVE-2023-26857: bug_report/RCE-1.md at main · ctg503/bug_report

An arbitrary file upload vulnerability in /admin/ajax.php?action=save_uploads of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2023-26856: bug_report/SQLi-1.md at main · ctg503/bug_report

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/ajax.php?action=login.

Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks

An unknown threat actor used a malicious self-extracting archive (SFX) file in an attempt to establish persistent backdoor access to a victim's environment, new findings from CrowdStrike show. SFX files are capable of extracting the data contained within them without the need for dedicated software to display the file contents. It achieves this by including a decompressor stub, a piece of code