9 matches found
CVE-2023-21313
In Core, there is a possible way to forward calls without user knowledge due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Privilege escalation
In Core, there is a possible way to forward calls without user knowledge due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21313
In Core, there is a possible way to forward calls without user knowledge due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2021-44122
SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is also possible to...
svn_users
This plugin greps every page for users of the versioning system. Sometimes the HTML pages are versioned using CVS or SVN; if the header of the versioning system is saved as a comment in the page, the user that edited the page will be saved in that header and will be added to the knowledge base...
Social network poisoning - They are Following you Everywhere!
Note: This Article is taken from Most Comprehensive and Informative IT Security Magazine by The Hacker News - December Edition. Download Here. "Be Social" is the imperative of the last years. We live alternative lives, weave dense networks of relationships; we feel the irrepressible urge to be par...
Tips for Diminishing Botnet Attacks
Online, the biggest battle these days is against botnets: networks of infected computers which hackers can use — unbeknownst to the machine’s owner — for online crimes including sending out spam or launching a denial of service attack. The black-hat techniques employed to snare users into a botne...
eRoom 6.0 PlugIn - Insecure File Download Handling
source: https://www.securityfocus.com/bid/14176/info The eRoom plug-in is prone to an insecure file download handling vulnerability. The issue is due to a design fault, where files that are shared by users are apparently passed to default file handlers when downloaded. This can occur without user...
Security Update for Microsoft .NET Framework 4.5 on Windows 7, Vista, Server 2008, and Server 2008 R2 for x64 (KB2804582)
A security issue has been identified that could allow an attacker to misrepresent a system action or behavior without the knowledge of the user. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system...