#windows

There is an architectural and design issue in Microsoft's PlayReady which can be successfully exploited to gain access to license server by arbitrary clients. The problem has its origin in flat certificate namespace / reliance on a single root key in PlayReady along with no authentication at the license server end by default (deemed as no bug by Microsoft).

Giftora version 1.0 suffers from a cross site request forgery vulnerability.

Gas Agency Management version 2022 suffers from a remote shell upload vulnerability.

Farmacia Gama version 1.0 Farmacia Gama version 1.0 suffers from a cross site request forgery vulnerability.

Employees Pay Slip PDF Generator System version 1.0 suffers from a cross site request forgery vulnerability.

Bakery Shop Management System version 1.0 suffers from a cross site request forgery vulnerability.

Cybersecurity researchers have discovered two security flaws in Microsoft's Azure Health Bot Service that, if exploited, could permit a malicious actor to achieve lateral movement within customer environments and access sensitive patient data. The critical issues, now patched by Microsoft, could have allowed access to cross-tenant resources within the service, Tenable said in a new report shared

**According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?** This attack requires an admin user on the client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?** An attacker who successfully exploited the vulnerability could view sensitive information (Confidentiality). While the attacker can not make changes to disclosed information (Integrity) and limit access to the resource (Availability).