68 matches found
Streamline NX Client 3.5.0 - 3.7.0 MiTM (2025-000006)
The version of Streamline NX Client installed on the remote host is between 3.5.0 and 3.7.0. It is, therefore, affected by a vulnerability as referenced in the 2025-000006 advisory. It contains an issue with use of less trusted source, which may allow an attacker who can conduct a man-in-the-midd...
CVE-2025-48825
RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an issue with use of less trusted source, which may allow an attacker who can conduct a man-in-the-middle attack to eavesdrop upgrade requests and execute a malicious DLL with custom code...
CVE-2025-48825
The CVE-2025-48825 affects Ricoh Streamline NX V3 PC Client, versions 3.5.0–3.7.0. The issue is use of a less trusted source, enabling a local-MITM attacker to eavesdrop upgrade requests and execute a malicious DLL with custom code. Impact is limited to scenarios where an attacker can position th...
Multiple vulnerabilities in RICOH Streamline NX PC Client
Overview RICOH Streamline NX PC Client provided by Ricoh Company, Ltd. contains multiple vulnerabilities listed below. External control of file name or path CWE-73 - CVE-2025-36506 Path traversal CWE-22 - CVE-2025-46783 Use of less trusted source CWE-348 - CVE-2025-48825 Ricoh Company, Ltd...
CVE-2023-28872
Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport location...
CVE-2023-28353
An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to...
CVE-2019-10971
The application Network Configurator for DeviceNet Safety 3.41 and prior searches for resources by means of an untrusted search path that could execute a malicious .dll file not under the application's direct control and outside the intended directories...
CVE-2025-22894
Unprotected Windows messaging channel 'Shatter' issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary files in the system may be altered. As a...
CVE-2025-22894
Unprotected Windows messaging channel 'Shatter' issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary files in the system may be altered. As a...
CVE-2025-24482
A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect default permissions and allows for DLLs to be executed with higher level permissions...
CVE-2025-24482
Rockwell Automation FactoryTalk View Site Edition has a Local Code Injection vulnerability due to incorrect default permissions on the remote debugger port, affecting all versions prior to 15.0. Affected functionality includes DLLs being executed with elevated privileges, potentially enabling una...
CVE-2025-24482 FactoryTalk® View Site Edition - Local Code Injection
A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect default permissions and allows for DLLs to be executed with higher level permissions...
CVE-2025-24482 FactoryTalk® View Site Edition - Local Code Injection
A Local Code Injection Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect default permissions and allows for DLLs to be executed with higher level permissions...
PT-2024-17005 · Autodesk · Autodesk Revit
Name of the Vulnerable Software and Affected Versions: Autodesk Revit affected versions not specified Description: The issue allows a maliciously crafted DLL file to be loaded by Autodesk Revit when placed in the same directory as an RVT file, potentially executing arbitrary code in the context o...
CVE-2024-52945
An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL...
CVE-2024-50583
Whale browser Installer before 3.1.0.0 allows an attacker to execute a malicious DLL in the user environment due to improper permission settings...
CVE-2023-28872
Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport location...
Design/Logic Flaw
Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport location...
NCP Secure Enterprise Client Security Vulnerability
NCP Secure Enterprise Client is a VPN Virtual Private Network client application from NCP Germany. A security vulnerability exists in NCP Secure Enterprise Client versions prior to 13.10, which originates in Support Assistant that allows an attacker to execute DLL files with system privileges by...
CVE-2023-28872
CVE-2023-28872 affects NCP Secure Enterprise Client prior to version 13.10. The vulnerability originates in the Support Assistant component, where an attacker can cause DLLs to run with SYSTEM privileges by exploiting a symbolic link at %LOCALAPPDATA%\Temp\NcpSupport*. Impact: potential privilege...