#windows

Hex Workshop version 6.7 is vulnerable to denial of service via command line file arguments and control of the Structured Exception Handler (SEH) records.

Scdbg version 1.0 suffers from a buffer overflow vulnerability that can cause a denial of service condition.

Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name parameter.

Phpgurukul Park Ticketing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Admin Name parameter.

Microsoft has released an out-of-band update to address a privacy-defeating flaw in its screenshot editing tool for Windows 10 and Windows 11. The issue, dubbed aCropalypse, could enable malicious actors to recover edited portions of screenshots, potentially revealing sensitive information that may have been cropped out. Tracked as CVE-2023-28303, the vulnerability is rated 3.3 on the CVSS

Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords.This issue affects RCCMD: before 4.40 230207.

Categories: News Tags: potentially unwanted programs Tags: PUP Tags: ViLE Tags: Google Tags: Magecart Tags: skimmer Tags: skimming Tags: NBA Tags: Google Pixel crop Tags: Kritec Magecart Tags: fake IRS tax mail Tags: Emotet Tags: BreachForums Tags: Bitcoin ATM Tags: Bitcoin Tags: USB bomb Tags: USB Tags: ChatGPT The most interesting security related news from the week of March 20 - 26. (Read more...) The post A week in security (March 20 - 26) appeared first on Malwarebytes Labs.

Hello everyone! This episode will be about Microsoft Patch Tuesday for March 2023, including vulnerabilities that were added between February and March Patch Tuesdays. Alternative video link (for Russia): https://vk.com/video-149273431_456239119 As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI […]

A vulnerability classified as problematic was found in IObit Malware Fighter 9.4.0.776. This vulnerability affects the function 0x222010 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224020.

A vulnerability classified as problematic has been found in IObit Malware Fighter 9.4.0.776. This affects the function 0x8001E04C in the library ImfRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224019.