Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Remote Control Collection Remote Code Execution

This Metasploit module utilizes the Remote Control Server's protocol to deploy a payload and run it from the server. Remote Control Collection by Steppschuh version 3.1.1.12 was tested and affected at the time of the module writing.

Packet Storm
#web#windows#git#rce#auth
Acer Firmware Flaw Lets Attackers Bypass Key Security Feature

The manufacturer is working to fix a vulnerability — similar to a previous problem in Lenovo laptops — that allows threat actors to modify or disable Secure Boot settings to load malware.

CVE-2022-45329: CVE/search_sql_injection.md at master · rdyx0/CVE

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.

CVE-2022-45307: Vuln/php-weak-permission-vuln.md at main · ycdxsb/Vuln

Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder.

CVE-2022-45306: Vuln/azure-pipelines-agent-weak-permission-vuln.md at main · ycdxsb/Vuln

Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder.

CVE-2022-45305: Vuln/python3-weak-permission-vuln.md at main · ycdxsb/Vuln

Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder.

CVE-2022-45304: Vuln/cmder-weak-permission-vuln.md at main · ycdxsb/Vuln

Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder.

CVE-2022-45301: Vuln/ruby-weak-permission-vuln.md at main · ycdxsb/Vuln

Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder.