#windows

An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings. One such configuration would be where an administrator wishes to use the same PAM configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user.

### Impact This impacts users that use Shescape (any API function) to escape arguments for **cmd.exe** on **Windows**. An attacker can omit all arguments following their input by including a line feed character (`'\n'`) in the payload. Example: ```javascript import cp from "node:child_process"; import * as shescape from "shescape"; // 1. Prerequisites const options = { shell: "cmd.exe", }; // 2. Attack const payload = "attacker\n"; // 3. Usage let escapedPayload; escapedPayload = shescape.escape(payload, options); // Or escapedPayload = shescape.escapeAll([payload], options)[0]; // Or escapedPayload = shescape.quote(payload, options); // Or escapedPayload = shescape.quoteAll([payload], options)[0]; cp.execSync(`echo Hello ${escapedPayload}! How are you doing?`, options); // Outputs: "Hello attacker" ``` > **Note**: `execSync` is just illustrative here, all of `exec`, `execFile`, `execFileSync`, `fork`, `spawn`, and `spawnSync` can be attacked using a line feed character if CM...

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.

By Deeba Ahmed The Vault 7 leak included trojans, viruses, malware, zero-day exploits, malware remote control systems, and related documents dating… This is a post from HackRead.com Read the original post: CIA Whistleblower Found Guilty of Leaking Vault 7 Documents to WikiLeaks

Joshua Schulte has been convicted for his role in the Vault 7 Wikileaks data dump that exposed invasive US cyber intelligence tactics.

Microsoft has linked a threat that emerged in June 2021 and targets small-to-mid-sized businesses to state-sponsored actors tracked as DEV-0530.

Adobe Character Animator version 4.4.7 (and earlier) and 22.4 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Adobe Photoshop versions 22.5.7 (and earlier) and 23.3.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Adobe RoboHelp versions 2020.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.