Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-48483: Pwning 3CX Phone Management Backends from the Internet

3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005.

CVE
Open in Source
#sql#vulnerability#web#windows#google#microsoft#linux#js#rce#perl#nginx#auth#postgres
Adobe ColdFusion Unauthenticated Remote Code Execution

This Metasploit module exploits a remote unauthenticated deserialization of untrusted data vulnerability in Adobe ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier, in order to gain remote code execution.

CompanyMaps 8.0 Cross Site Scripting

CompanyMaps version 8.0 suffers from a persistent cross site scripting vulnerability.

Microsoft: You're already using the last version of Windows 10

Categories: News Tags: Windows 10 Tags: Windows 11 Tags: Windows 10 end of support The current version of Windows 10, version 22H2, will be the last edition of the operating system (OS). (Read more...) The post Microsoft: You're already using the last version of Windows 10 appeared first on Malwarebytes Labs.

Mobile Mouse 3.6.0.4 Remote Code Execution

Mobile Mouse version 3.6.0.4 suffers from a remote code execution vulnerability. This exploit is a second version from the original author of the original exploit released in September of 2022.

Old Age Home Management 1.0 SQL Injection

Old Age Home Management version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

APT28 Targets Ukrainian Government Entities with Fake "Windows Update" Emails

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks perpetrated by Russian nation-state hackers targeting various government bodies in the country. The agency attributed the phishing campaign to APT28, which is also known by the names Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, Sednit, and Sofacy. The email messages come with the subject line "

A week in security (April 24 -30)

Categories: News Tags: Lockbit Tags: cl0p Tags: papercut Tags: vmware Tags: magecart Tags: fileless Tags: chatgpt Tags: apc Tags: Pupy rat Tags: guloader Tags: black basta Tags: flipper zero Tags: clickjacking The most interesting security related news of the week from April 24 till April 30 (Read more...) The post A week in security (April 24 -30) appeared first on Malwarebytes Labs.

Apple, Google, and Microsoft Just Fixed Zero-Day Security Flaws

Firefox gets a needed tune-up, SolarWinds squashes two high-severity bugs, Oracle patches 433 vulnerabilities, and more updates you should make now.

CVE-2023-2420: elecms/README.md at main · VG00000/elecms

A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function get_url in the library /upload/inc/lib/admin of the file upload\inc\include\common.func.php. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227717 was assigned to this vulnerability.