Lucene search

8231 matches found

OSV
added 2023/04/18 4:15 p.m. (1 view)

CVE-2023-28140

An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library DLL via a local attack vector instead of the DLL that the application was expecting, when processes are running with...

CVSS 7, AI score 7
Exploits 0, References 1
NVD
added 2023/04/18 4:15 p.m. (15 views)

CVE-2023-28140

An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library DLL via a local attack vector instead of the DLL that the application was expecting, when processes are running with...

CVSS 7, AI score 6.5, EPSS 0.00219
Exploits 0, References 1
Prion
added 2023/04/18 4:15 p.m. (20 views)

Design/Logic Flaw

An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. Attackers may write files to arbitrary locations via a local attack vector. This allows attackers to assume the privileges of the process, and they may delete or otherwise on unauthorized...

CVSS 2.4, AI score 6.2, EPSS 0.00183
Exploits 0, References 1, Affected Software 1
Prion
added 2023/04/18 4:15 p.m. (12 views)

Design/Logic Flaw

An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library DLL via a local attack vector instead of the DLL that the application was expecting, when processes are running with...

CVSS 3.7, AI score 6.7, EPSS 0.00219
Exploits 0, References 1, Affected Software 1
CVE
added 2023/04/18 3:50 p.m. (59 views)

CVE-2023-28141

The CVE-2023-28141 issue affects Qualys Cloud Agent for Windows prior to version 4.8.0.31 and is caused by an NTFS Junction condition. An attacker with local access can write files to arbitrary locations, potentially escalating to the privileges of the agent process and modifying or deleting sens...

CVSS 6.7, AI score 6.3, EPSS 0.00183
Exploits 0, References 1, Affected Software 1
Cvelist
added 2023/04/18 3:50 p.m. (27 views)

CVE-2023-28141 NTFS Junction

An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. Attackers may write files to arbitrary locations via a local attack vector. This allows attackers to assume the privileges of the process, and they may delete or otherwise on unauthorized...

CVSS 6.7, AI score 6.6, EPSS 0.00183
Exploits 0, References 1
Vulnrichment
added 2023/04/18 3:47 p.m. (4 views)

CVE-2023-28140 Executable Hijacking

An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library DLL via a local attack vector instead of the DLL that the application was expecting, when processes are running with...

CVSS 6.7, AI score 6.8, EPSS 0.00219
Exploits 0, References 1
Cvelist
added 2023/04/18 3:47 p.m. (20 views)

CVE-2023-28140 Executable Hijacking

An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library DLL via a local attack vector instead of the DLL that the application was expecting, when processes are running with...

CVSS 6.7, AI score 7, EPSS 0.00219
Exploits 0, References 1
hivepro
added 2023/04/18 8:57 a.m. (22 views)

Kadavro Vector Ransomware spread as a fake Tor browser installer

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Kadavro Vector is a NoCry ransomware variant that encrypts files and demands Monero XMR cryptocurrency for decryption. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...

AI score 6.8
Exploits 0
Positive Technologies
added 2023/04/18 12:00 a.m. (7 views)

PT-2023-22765 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable and tests-passed versions Description: The issue arises from the improper sanitization of SVG files, allowing an attacker to execute arbitrary JavaScript on users' browsers by uploading a crafted...

CVSS 5.4, AI score 5.8, EPSS 0.00364
Exploits 0, References 7
OSV
added 2023/04/13 4:15 p.m. (0 views)

UBUNTU-CVE-2023-30630

Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed...

CVSS 7.1, AI score 6.7, EPSS 0.00523
Exploits 1, References 4
Prion
added 2023/04/12 6:15 p.m. (15 views)

Design/Logic Flaw

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it...

CVSS 4, AI score 6.4, EPSS 0.00397
Exploits 0, References 2, Affected Software 1
CNNVD
added 2023/04/12 12:00 a.m. (5 views)

DNN Corp DotNetNuke cross-site scripting vulnerability

DNN, also known as DotNetNuke, is an open source content management system (CMS) from the U.S. company DNN, supported by Microsoft and based on the ASP.NET platform. The system is easy to install, scalable, and feature-rich. A security vulnerability exists in DNN Corp DotNetNuke versions v7.0.0 through...

CVSS 5.4, AI score 6.2, EPSS 0.00428
Exploits 0, References 2
UbuntuCve
added 2023/04/12 12:00 a.m. (14 views)

CVE-2023-29543

An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

CVSS 8.8, AI score 7.2, EPSS 0.00521
Exploits 0, References 3
OSV
added 2023/04/12 12:00 a.m. (4 views)

UBUNTU-CVE-2023-29543

An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

CVSS 8.8, AI score 7.3, EPSS 0.00521
Exploits 0, References 4
BDU FSTEC
added 2023/04/11 12:00 a.m. (5 views)

The vulnerability of the Vector Packet Processor (VPP) platform, a microprogramming-based software solution for data packet transmission gateways in Cisco Packet Data Networks, allows a hacker to trigger a service failure.

The vulnerability of the Vector Packet Processor VPP platform, a microprogramming-based software for packet transmission networks like the Cisco Packet Data Network Gateway PGW, is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to caus...

CVSS 5.8, AI score 7.2, EPSS 0.00866
Exploits 0, References 3, Affected Software 1
CNNVD
added 2023/04/11 12:00 a.m. (3 views)

OpenCats cross-site request forgery vulnerability

OpenCats is an open source recruitment process management system. A cross-site request forgery vulnerability exists in OpenCats version 0.9.7. An attacker could exploit this vulnerability to force a user to submit a web request via an unspecified vector...

CVSS 4.3, AI score 5, EPSS 0.00234
Exploits 0, References 6
Tenable Nessus
added 2023/04/11 12:00 a.m. (36 views)

Mozilla Firefox < 112.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 112.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-13 advisory. - Mozilla developers Randell Jesup, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported...

CVSS 9.8, AI score 7.9, EPSS 0.00974
Exploits 0, References 23
Exploit DB
added 2023/04/08 12:00 a.m. (448 views)

Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE)

Exploit Title: Microsoft Excel 365 MSO Version 2302 Build 16.0.16130.20186 64-bit - Remote Code Execution RCE Exploit Author: nu11secur1ty Date: 03.16.2023 Vendor: https://www.microsoft.com/en-us/microsoft-365/excel Software: https://www.microsoft.com/en-us/microsoft-365/excel Reference:...

CVSS 7.8, AI score 7.8, EPSS 0.02532
Exploits 3
OSV
added 2023/04/05 5:15 p.m. (2 views)

CVE-2023-20051

A vulnerability in the Vector Packet Processor VPP of Cisco Packet Data Network Gateway PGW could allow an unauthenticated, remote attacker to stop ICMP traffic from being processed over an IPsec connection. This vulnerability is due to the VPP improperly handling a malformed packet. An attacker...

CVSS 7.5, AI score 7.1
Exploits 0, References 1