19 matches found

CNVD
added 2025/07/21 12:0 a.m. | 1 view

Microsoft PC Manager Access Control Error Vulnerability (CNVD-2025-17139)

Microsoft PC Manager is a computer management software from Microsoft USA, which can be used for one-click acceleration, system space management, pop-up window management, and comprehensive physical examination. An access control error vulnerability exists in Microsoft PC Manager. An attacker can...

CVSS 7.8 | AI score 6.6 | EPSS 0.00707
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 4:57 p.m. | 5 views

CVE-2019-17139

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8 | AI score 6.8 | EPSS 0.01426
Exploits: 0 | References: 1

Circl
added 2024/01/27 3:11 p.m. | 2 views

CVE-2019-17139

| creationtimestamp | type | source |
|---|---|---|
| 2024-01-27 15:11:41+00:00 | seen | https://t.me/ctinow/174783... |

CVSS 8.8 | AI score 7.7 | EPSS 0.01426
Exploits: 0 | References: 1

NVD
added 2022/08/03 4:15 p.m. | 10 views

CVE-2022-35866

This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-cod...

CVSS 9.8 | EPSS 0.01076
Exploits: 1 | References: 3

Prion
added 2022/08/03 4:15 p.m. | 16 views

Authentication flaw

This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-cod...

CVSS 7.5 | AI score 9.6 | EPSS 0.01076
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2022/08/03 12:0 a.m. | 71 views

CVE-2022-35866

Vinchin Backup and Recovery 6.5.0.17561 is affected by CVE-2022-35866. A remote attacker can bypass authentication due to a MySQL server configuration that uses a hard-coded administrator password, enabling unauthenticated access with total impact on confidentiality, integrity, and availability. ...

CVSS 9.8 | AI score 9.6 | EPSS 0.01076
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2022/08/03 12:0 a.m. | 11 views

CVE-2022-35866

This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-cod...

CVSS 9.8 | AI score 7 | EPSS 0.01076
Exploits: 1 | References: 3

Cvelist
added 2022/08/03 12:0 a.m. | 16 views

CVE-2022-35866

This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-cod...

CVSS 9.8 | AI score 9.8 | EPSS 0.01076
Exploits: 1 | References: 3

Cvelist
added 2020/12/09 11:36 p.m. | 21 views

CVE-2020-17139 Windows Overlay Filter Security Feature Bypass Vulnerability

...

CVSS 7.8 | AI score 7.9 | EPSS 0.00404
Exploits: 0 | References: 1

CVE
added 2020/12/09 11:36 p.m. | 106 views

CVE-2020-17139

CVE-2020-17139 affects Windows file-system mini-filter drivers (notably the Windows Overlay Filter, WOF). The vulnerability arose from OS-added IO control/FSCTL handling changes (FSCTL_SET_REPARSE_POINT_EX) that WOF did not handle, enabling an application to attach or remove WOF IO tags and there...

CVSS 7.8 | AI score 7.7 | EPSS 0.00404
Exploits: 0 | References: 2 | Affected Software: 3

OpenVAS
added 2020/12/09 12:0 a.m. | 31 views

Microsoft Windows Multiple Vulnerabilities (KB4592449)

This host is missing a critical security update according to Microsoft KB4592449. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.9 | AI score 7.1 | EPSS 0.84964
Exploits: 4 | References: 1

Tenable Nessus
added 2020/12/08 12:0 a.m. | 208 views

KB4592449: Windows 10 Version 1903 and Windows 10 Version 1909 December 2020 Security Update

The remote Windows host is missing security update 4592449. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962,...

CVSS 9.9 | AI score 7.7 | EPSS 0.84964
Exploits: 4 | References: 21

Tenable Nessus
added 2020/12/08 12:0 a.m. | 241 views

KB4592440: Windows 10 Version 1809 and Windows Server 2019 December 2020 Security Update

The remote Windows host is missing security update 4592440. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962,...

CVSS 9.9 | AI score 7.7 | EPSS 0.84964
Exploits: 4 | References: 21

Tenable Nessus
added 2020/12/08 12:0 a.m. | 48 views

KB4592438: Windows 10 Version 2004 December 2020 Security Update

The remote Windows host is missing security update 4592438. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2020-17095, CVE-2020-17096 - An memor...

CVSS 9.9 | AI score 7.8 | EPSS 0.84964
Exploits: 4 | References: 22

CVE
added 2019/10/25 6:14 p.m. | 186 views

CVE-2019-17139

Foxit PhantomPDF 9.5.0.20723 is affected by CVE-2019-17139 due to an out-of-bounds write in the HTML2PDF plugin while processing JavaScript. The flaw arises from insufficient validation of user-supplied data, enabling remote code execution in the context of the current process. Exploitation requi...

CVSS 8.8 | AI score 8.8 | EPSS 0.01426
Exploits: 0 | References: 2 | Affected Software: 2

Cvelist
added 2018/09/17 6:0 a.m. | 10 views

CVE-2018-17139

UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type...

AI score 8.9 | EPSS 0.0404
Exploits: 1 | References: 1

CVE
added 2018/09/17 6:0 a.m. | 48 views

CVE-2018-17139

CVE-2018-17139 affects UltimatePOS 2.5. An arbitrary file upload vulnerability allows an attacker to upload files via the /products endpoint (content-type: image/jpeg) containing PHP code, enabling remote command execution. Evidence across CNVD-2018-19402 and NVD/NVD-derived entries confirms the ...

CVSS 8.8 | AI score 8.8 | EPSS 0.0404
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2018/03/05 7:0 p.m. | 52 views

CVE-2017-17139

CVE-2017-17139 affects Huawei Mate 9 and Mate 9 Pro devices running before MHA-AL00B/LON-AL00B 8.0.0.334(C00). The issue is an information-leak in the date service proxy implementation that can allow a user-tricked malicious app to access kernel date information, causing sensitive data exposure. ...

CVSS 5.5 | AI score 5 | EPSS 0.00106
Exploits: 0 | References: 1 | Affected Software: 1

Huawei
added 2017/12/13 12:0 a.m. | 36 views

Security Advisory - Information Leak Vulnerability in Some Huawei Smart Phones

There is an information leak vulnerability in the date service proxy implementation of some Huawei smart phones. An attacker may trick a user into installing a malicious application, and the application can exploit the vulnerability to get kernel date, which may cause sensitive information leak...

CVSS 5.5 | AI score 5.1 | EPSS 0.00106
Exploits: 0 | Affected Software: 2