#windows

Eatself version 1.1.5 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Excel Net Computer Institute version 4.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Categories: News Tags: Lock and Code S04E01 Tags: LastPass breach Tags: Okta breach Tags: VPN Tags: Synology Tags: fake Flipper Zero Tags: cyber insurance Tags: Wordpress plugin Tags: Twitter data dump Tags: Twitter The most interesting security related news from the week of January 1 to 8. (Read more...) The post A week in security (January 1 - 8) appeared first on Malwarebytes Labs.

** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows up to 4.x. It has been rated as critical. This issue affects the function ComputeCountSql of the file SalesforceSDK/SmartStore/Store/QuerySpec.cs. The manipulation leads to sql injection. Upgrading to version 5.0.0 is able to address this issue. The name of the patch is 83b3e91e0c1e84873a6d3ca3c5887eb5b4f5a3d8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217619. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.

### Impact When configuring a Windows named pipe server, setting `pipe_mode` will reset `reject_remote_clients` to `false`. If the application has previously configured `reject_remote_clients` to `true`, this effectively undoes the configuration. This also applies if `reject_remote_clients` is not explicitly set as this is the default configuration and is cleared by calling `pipe_mode`. Remote clients may only access the named pipe if the named pipe's associated path is accessible via a publically shared folder (SMB). ### Patches The following versions have been patched: * 1.23.1 * 1.20.3 * 1.18.4 The fix will also be present in all releases starting from version 1.24.0. Named pipes were introduced to Tokio in version 1.7.0, so releases older than 1.7.0 are not affected. ### Workarounds Ensure that `pipe_mode` is set **first** after initializing a `ServerOptions`. For example: ```rust let mut opts = ServerOptions::new(); opts.pipe_mode(PipeMode::Message); opts.reject_remote_cl...

By Deeba Ahmed In total 22 proprietary software vulnerabilities were identified in the firmware, which Qualcomm addressed in its January 2023… This is a post from HackRead.com Read the original post: Chip Vulnerabilities Impacting Microsoft, Lenovo, and Samsung Devices

Microsoft has shed light on four different ransomware families – KeRanger, FileCoder, MacRansom, and EvilQuest – that are known to impact Apple macOS systems. "While these malware families are old, they exemplify the range of capabilities and malicious behavior possible on the platform," the tech giant's Security Threat Intelligence team said in a Thursday report. The initial vector for these

A variant of the infamous Dridex banking malware has set its sights on Apple's macOS operating system using a previously undocumented infection method, according to latest research. It has "adopted a new technique to deliver documents embedded with malicious macros to users without having to pretend to be invoices or other business-related files," Trend Micro researcher Armando Nathaniel

Cloud services provider Rackspace on Thursday confirmed that the ransomware gang known as Play was responsible for last month's breach. The security incident, which took place on December 2, 2022, leveraged a previously unknown security exploit to gain initial access to the Rackspace Hosted Exchange email environment. "This zero-day exploit is associated with CVE-2022-41080," the Texas-based