CVE-2018-1000502

MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel Tools and Maintenance - Task Manager - Add New Task that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appear to be exploitable via Must have...

Design/Logic Flaw

MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel Tools and Maintenance - Task Manager - Add New Task that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appear to be exploitable via Must have...

CVE-2018-1000502

The CVE-2018-1000502 in MyBB concerns a File Inclusion vulnerability in the Admin panel (Tools and Maintenance → Task Manager → Add New Task). The issue allows Local File Inclusion on newer PHP versions and Remote File Inclusion on older PHP versions when an attacker has admin access. Affected so...

CVE-2018-1000502

MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel Tools and Maintenance - Task Manager - Add New Task that can result in Allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. This attack appear to be exploitable via Must have...

WFICA32.exe Shows 100% CPU usage in Task Manager

WFICA32.exe on client shows 100% CPU usage in Task Manager...

Don’t be a Coinmining Zombie – Part 2: How Do You Protect Yourself from being Cryptojacked?

Safe behaviors to protect yourself from cryptojacking follow the familiar rules you should adhere to every day to protect yourself against viruses, worms, bots, and malware, including ransomware, which are typically pushed to you through phishing techniques and social engineering: | Strengthen yo...

January 3, 2018—KB4056892 (OS Build 16299.192)

January 3, 2018—KB4056892 OS Build 16299.192 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses issue that may uninstall some Microsoft Store apps on systems that have KB4054517...

Authentication flaw

InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file...

CVE-2017-14972

InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file...

CVE-2017-14972

InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file...

CVE-2017-14972

InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file...

[SECURITY] Fedora 27 Update: php-horde-nag-4.2.17-1.fc27

Nag is a web-based application built upon the Horde Application Framework which provides a simple, clean interface for managing online task lists i.e., todo lists. It also includes strong integration with the other Horde applications and allows users to share task lists or enable light-weight...

The vulnerability of the Task Manager service of the AmosConnect email delivery management system allows a perpetrator to execute arbitrary commands on the operating system’s host platform.

The vulnerability of the AmosConnect email delivery system management service is related to the use of immutable, pre-installed system accounts. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain full administrative privileges and execute arbitrary commands on the...

Hardcoded credentials

Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager...

CVE-2017-3222

Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager...

CVE-2017-3222

Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager...

CVE-2017-3222

CVE-2017-3222 relates to AmosConnect 8, where hard-coded credentials allow remote attackers to gain full administrative privileges and execute commands with SYSTEM privileges on the Windows host via AmosConnect Task Manager. The surrounding docs note an accompanying backdoor account and that Amos...

WordPress Task Manager Pro plugin <=1.3.1 - Multiple Authenticated Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Cross-Site Scripting XSS vulnerabilities found in WordPress Task Manager Pro premium plugin version 1.3.1 and earlier versions by 8bitsec. Solution 2017.07.29 - We were unable to find information about patched release of WordPress Task Manager Pro plugin. The last record on...

WordPress Task Manager Pro <= 1.3.1 - Authenticated SQL Injection

Blind SQL Injection on task-details page task parameter. Logged as a follower: https://localhost/wp/wp-admin/admin.php?page=task-details&task=6+and+sleep1+and+1%3D1...

Task Manager Pro <= 1.3.1 - Authenticated Cross-Site Scripting (XSS)

Multiple authenticated XSS vulnerabilities found logged as a low privileged user. Authenticated Stored XSS: Logged as a follower, the lowest privileged user. Write the payload in the 'Add a comment' section Authenticated Reflected XSS On task-edit, task-details, project-details pages:...