7310 matches found
Microsoft Windows COM Security Vulnerability
Microsoft Windows COM is a technology for the purpose of reusing software from Microsoft Corporation USA. COM is described as a platform-independent, decentralized, object-oriented system for creating interactive binary software components. A security vulnerability exists in Microsoft Windows COM...
Microsoft Windows COM Resource Management Error Vulnerability
Microsoft Windows COM is a technology for the purpose of reusing software from Microsoft Corporation USA. COM is described as a platform-independent, decentralized, object-oriented system for creating interactive binary software components. A resource management error vulnerability exists in...
Topaz Signature Pad as COM Port Device Disappears after Logoff
Topaz Signature will disappear after users log off on a kiosk workstation. The environment contained: Citrix Virtual Apps and Desktops version 2203 CUx Desktop of Server VDA, any supported OS Citrix Workspace App 2402 CUx Windows 10/Windows 11...
PT-2024-36621 · Dtex · Dtex Dec-M
Name of the Vulnerable Software and Affected Versions: DTEX DEC-M DTEX Forwarder version 6.1.1 Description: An issue was discovered in the com.dtexsystems.helper service, which handles privileged operations within the macOS DTEX Event Forwarder agent. The service fails to implement critical clien...
PT-2024-36313 · Vk.Com · Vk.Com
Name of the Vulnerable Software and Affected Versions: Ilya Chekalskiy Like in Vk.com versions 0.5.2 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows stored Cross-site Scripting (XSS). This means that an attacker can inject...
WordPress Like in Vk.com plugin <= 0.5.2 - CSRF to Stored Cross-Site Scripting vulnerability
CSRF to Stored Cross-Site Scripting vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Like in Vk.com (versions <= 0.5.2)...
Windows Tooling Updates: OleView.NET
Posted by James Forshaw, Google Project Zero This is a short blog post about some recent improvements I've been making to the OleView.NET tool which has been released as part of version 1.16. The tool is designed to discover the attack surface of Windows COM and find security vulnerabilities such...
Doctor-Appointment Security Vulnerability
Doctor-Appointment is a doctor's appointment system by Divyanshu Sharma Personal Developer. A security vulnerability exists in Doctor-Appointment version 1.0, which stems from /Frontend/signupcom.php containing an arbitrary file upload vulnerability...
CLSA-2024-1730917239 Update of nss
update to CKBI 2.70 from NSS 3.104 - updated certificates: - Certificate "GLOBALTRUST 2020" - Certificate "certSIGN ROOT CA" - Certificate "ACCVRAIZ1" - Certificate "OISTE WISeKey Global Root GC CA" - Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - removed certificates:...
CVE-2024-10379
ESAFENET CDG 5 contains a path traversal where the vulnerable function is actionViewDecyptFile in /com/esafenet/servlet/client/DecryptApplicationService.java. An attacker can manipulate decryptFileId (example: ../../../Windows/System32/drivers/etc/hosts) to access files outside the web root (path...
CVE-2024-10165
A vulnerability was found in Codezips Sales Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file deletecustcom.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The explo...
WordPress GDPR-Extensions-com Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: GDPR-Extensions-com; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9072; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 51da4846a013; Credits: Francesco Carlucci...
CVE-2024-5803
The AVGUI.exe of AVG/Avast Antivirus versions before 24.1 can allow a local attacker to escalate privileges via a COM hijack in a time-of-check to time-of-use (TOCTOU) when self protection is disabled...
CVE-2024-5803 Local privilege escalation via COM hijacking
The AVGUI.exe of AVG/Avast Antivirus versions before 24.1 can allow a local attacker to escalate privileges via a COM hijack in a time-of-check to time-of-use (TOCTOU) when self protection is disabled...
CVE-2024-5803 Local privilege escalation via COM hijacking
The AVGUI.exe of AVG/Avast Antivirus versions before 24.1 can allow a local attacker to escalate privileges via a COM hijack in a time-of-check to time-of-use (TOCTOU) when self protection is disabled...
CVE-2024-5803
Affected software: AVG/Avast Antivirus (AVGUI.exe). Vulnerability: Local privilege escalation via a COM hijack under a TOCTOU race condition when self-protection is disabled. Versions affected: before 24.1. Impact: An attacker is able to exploit this locally to gain higher privileges. Root cause: C...
PT-2024-37167 · Avast · Avg/Avast Antivirus
Name of the Vulnerable Software and Affected Versions: AVG/Avast Antivirus versions prior to 24.1 Description: The issue allows a local attacker to escalate privileges via a COM hijack in a time-of-check to time-of-use (TOCTOU) scenario when self-protection is disabled. This occurs in the AVGUI.exe...
Avast Antivirus Security Vulnerability
Avast Antivirus is a suite of antivirus software from the Czech company Avast. A security vulnerability exists in versions prior to Avast Antivirus 24.1, which stems from a vulnerability that could allow a local attacker to elevate privileges via COM hijacking during the time of check to time of...
Malicious code in tesgotestpytest-npm-com-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b5967a11e2661f28b2148fa4adc68edfa052e545caf5e0b6823865eb4655ab5f The OpenSSF Package Analysis project identified 'tesgotestpytest-npm-com-test' @ 1.999.0 npm as malicious. It is considered malicious because: -...
protobuf-java has potential Denial of Service issue
Summary When parsing unknown fields in the Protobuf Java Lite and Full library, a maliciously crafted message can cause a StackOverflow error and lead to a program crash. Reporter: Alexis Challande, Trail of Bits Ecosystem Security Team Affected versions: This issue affects all versions of both t...