62 matches found
CVE-2025-56513
NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update url and can hijack the update process and deliver arbitrary executables that are automatically executed,...
CVE-2025-56513
NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update url and can hijack the update process and deliver arbitrary executables that are automatically executed,...
CVE-2024-38305
Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. A local low-privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executables on the operating system with...
CVE-2024-38305
Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer. A local low-privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executables on the operating system with...
Dell Repository Manager 安全漏洞
Dell Repository Manager is a data repository manager from Dell USA. A security vulnerability exists in Dell Repository Manager 3.4.2 and earlier versions, which stems from a local elevation of privilege vulnerability that allows a local, low-privilege attacker to execute arbitrary executable file...
Dell SupportAssist for Home PCs 代码问题漏洞
Dell SupportAssist for Home PCs is a client application for home computers from Dell USA. The program provides automated, proactive and predictive techniques for troubleshooting and more. A code issue vulnerability exists in Dell SupportAssist for Home PCs version 4.0.3, which stems from the...
PT-2024-27934 · Dell · Dell Supportassist
Name of the Vulnerable Software and Affected Versions: Dell SupportAssist for Home PCs Installer exe version 4.0.3 Description: A local low-privileged authenticated attacker could potentially exploit a privilege escalation vulnerability in the installer, leading to the execution of arbitrary...
CVE-2023-7235
The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables...
Design/Logic Flaw
The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables...
CVE-2023-7235
The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables...
CVE-2023-7235
The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables...
CVE-2023-7235
CVE-2023-7235 concerns the OpenVPN GUI installer prior to version 2.6.9, where the installation directory of OpenVPN binaries did not have proper access control when using a non-standard path. This weakness could allow an attacker to replace binaries and execute arbitrary code. The initial CVE en...
Dell SupportAssist for Home PCs Code Issue Vulnerability
Dell SupportAssist for Home PCs is a client application for home computers from Dell USA. The program provides automated, proactive and predictive techniques for troubleshooting and more. A security vulnerability exists in Dell SupportAssist for Home PCs version 3.14.1 and prior versions, which...
PT-2023-7872 · Unknown · Itpison Omicard Edm
Name of the Vulnerable Software and Affected Versions: ITPison OMICARD EDM affected versions not specified Description: The file uploading function in ITPison OMICARD EDM does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this issue to uploa...
PT-2023-24001 · L7 Networks · L7 Networks Instantqos Iq-8000 +1
Name of the Vulnerable Software and Affected Versions: L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000 affected versions not specified Description: The file uploading function in the affected devices does not properly restrict the upload of files with dangerous types. This allows an...
ITPison OMICARD EDM 代码问题漏洞
ITPison OMICARD EDM is a high-speed newsletter EDM marketing and distribution system from the Chinese company ITPison. ITPison OMICARD EDM suffers from a code issue vulnerability that originates from an unrestricted dangerous type file upload vulnerability, which can be exploited by an attacker...
CVE-2023-25909
HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary command or disrupt service...
Cloudflare WARP 输入验证错误漏洞
Cloudflare WARP Cloudflare Vpn is a client-side application for secure connections from Cloudflare, Inc. A security vulnerability in Cloudflare WARP, which stems from a lack of proper validation of the supporturi parameter in its client-side local settings file mdm.xml, allows an attacker to...
CVE-2022-22392
IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066...
CVE-2021-44153
An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo "C:\Windows\System32\calc.exe" entry. An attacker can exploit this to run a malicious binary on startup, or...