Lucene search
K

62 matches found

Prion
Prion
added 2021/12/13 4:15 a.m.14 views

Code injection

An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo "C:\Windows\System32\calc.exe" entry. An attacker can exploit this to run a malicious binary on startup, or...

9CVSS7.7AI score0.02146EPSS
Exploits4References2Affected Software1
Cvelist
Cvelist
added 2021/12/13 3:33 a.m.46 views

CVE-2021-44153

An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo "C:\Windows\System32\calc.exe" entry. An attacker can exploit this to run a malicious binary on startup, or...

7.6AI score0.02005EPSS
Exploits3References2
CVE
CVE
added 2021/12/13 3:33 a.m.61 views

CVE-2021-44153

CVE-2021-44153 affects Reprise License Manager (RLM) 14.2. An admin user can enable an option while editing the license file to run arbitrary executables, demonstrated by the ISV entry using calc.exe. An attacker can exploit this to run a malicious binary on startup or when triggering the Reread/...

9CVSS7.6AI score0.02005EPSS
Exploits3References2Affected Software1
0day.today
0day.today
added 2021/12/08 12:0 a.m.352 views

Reprise License Manager 14.2 Remote Binary Execution Vulnerability

Product: Reprise License Manager 14.2 Vendor: Reprise Software CVE ID: CVE-2021-44153 Vulnerability Title: Authenticated Remote Binary Execution Severity: High Authors: Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard Introduction: Whe...

9.3CVSS0.6AI score0.02146EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/12/08 12:0 a.m.469 views

Reprise License Manager 14.2 Remote Binary Execution

Product: Reprise License Manager 14.2 Vendor: Reprise Software CVE ID: CVE-2021-44153 Vulnerability Title: Authenticated Remote Binary Execution Severity: High Authors: Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard Date: 2021-11-25...

9.3CVSS0.2AI score0.02146EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/10/05 12:0 a.m.375 views

HEUR.Trojan.Win32.Generic Unquoted Service Path

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2e4b6c5bd907995f6fd40c5eeab5c6e9.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.Trojan.Win32.Generic Vulnerability: Insecure Service Path Description: The malware creates a...

0.3AI score
Exploits0
CNNVD
CNNVD
added 2021/03/12 12:0 a.m.5 views

DELL Dell SupportAssist Client 代码问题漏洞

Dell SupportAssist for Business PCs is a client application for enterprise PCs. Dell SupportAssist for Home PCs is a client application for home PCs that provides automated, proactive and predictive techniques for troubleshooting and more. Dell SupportAssist for Home PCs and Dell SupportAssist fo...

7.8CVSS6.1AI score0.00342EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/08/12 12:21 p.m.21 views

CVE-2020-6932

An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server...

10CVSS9.4AI score0.03589EPSS
Exploits0References1
OSV
OSV
added 2020/06/01 7:15 a.m.5 views

CVE-2020-4020

The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure...

7.2CVSS6AI score0.01669EPSS
Exploits0References1
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/03/20 8:59 a.m.46 views

PrivEsc in Lenovo Vantage. Two minutes later

TL;DR The latest and greatest Lenovo Vantage software which ships with the most recent Lenovo devices is affected by a privilege escalation vulnerability. Whilst Vantage has been released since circa 2016, the software replaced Lenovo Solutions Centre LSC as the recommended platform management an...

7.2CVSS7.4AI score0.00412EPSS
Exploits0
Penetration Testing Lab
Penetration Testing Lab
added 2020/01/13 8:4 a.m.56 views

Persistence – Image File Execution Options Injection

Image File Execution Options is a Windows registry key which enables developers to attach a debugger to an application and to enable "GlobalFlag" for application debugging. This behavior of Windows opens the door for persistence since an arbitrary executable can be used as a debugger of a specifi...

6AI score
Exploits0
NVD
NVD
added 2019/10/08 8:15 p.m.36 views

CVE-2019-3980

The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run...

10CVSS9.8AI score0.0518EPSS
Exploits4References2
Kitploit
Kitploit
added 2019/09/11 12:0 p.m.137 views

Metame - Metame Is A Metamorphic Code Engine For Arbitrary Executables

metame is a simple metamorphic code engine for arbitrary executables. From Wikipedia: Metamorphic code is code that when run outputs a logically equivalent version of its own code under some interpretation. This is used by computer viruses to avoid the pattern recognition of anti-virus software...

7.6AI score
Exploits0References1
OSV
OSV
added 2019/07/05 2:15 p.m.3 views

CVE-2019-5981

Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors...

7.8CVSS6AI score0.00944EPSS
Exploits0References2
Prion
Prion
added 2019/04/18 8:29 p.m.11 views

Remote code execution

Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary...

7.9CVSS8.2AI score0.16145EPSS
Exploits0References1Affected Software1
0day.today
0day.today
added 2017/09/15 12:0 a.m.141 views

IBM Infosphere Information Server / Datastage 11.5 Command Execution / Bypass Vulnerabilities

IBM Infosphere Information Server / Datastage versions 9.1, 11.3, and 11.5 including Cloud version 11.5 suffer from bypass, XML external entity injection, DLL side loading, and various other vulnerabilities. title: Multiple Vulnerabilities product: IBM Infosphere Information Server / Datastage...

6.8CVSS6.2AI score0.02718EPSS
Exploits2
Packet Storm
Packet Storm
added 2017/09/15 12:0 a.m.89 views

IBM Infosphere Information Server / Datastage 11.5 Command Execution / Bypass

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: IBM Infosphere Information Server / Datastage vulnerable version: 9.1, 11.3, and 11.5 including Cloud version 11.5 fixed version: - CVE...

6.8CVSS0.5AI score0.02718EPSS
Exploits2
Zero Day Initiative
Zero Day Initiative
added 2015/07/20 12:0 a.m.26 views

Microsoft Internet Explorer EditWith Broker API Sandbox Escape Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer running in either Protected Mode or Enhanced Protected Mode. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...

4.6CVSS6.6AI score0.12426EPSS
Exploits0References1
OSV
OSV
added 2013/10/29 12:0 a.m.5 views

PSF-2013-3 CGI directory traversal (URL parsing)

An error in separating the path and filename of the CGI script to run in http.server.CGIHTTPRequestHandler allows running arbitrary executables in the directory under which the server was started...

7.1AI score
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2010/03/10 12:0 a.m.11 views

Norton Internet Security ActiveX Command Execution (CVE-2004-0364)

Norton Internet Security is a security solution produced by Symantec corporation. There exists a vulnerability within Norton Internet Security that allows a remote attacker to run arbitrary executables on the target system through a malicious call to a certain method of a vulnerable ActiveX...

7.5CVSS6.4AI score0.03733EPSS
Exploits0
Rows per page
Query Builder