Lucene search

620 matches found

CVE
added 2023/05/30 12:00 a.m. · 60 views

CVE-2023-28348

The CVE-2023-28348 entry affects Faronics Insight version 10.0.19045. The root cause is unencrypted storage in the Teacher Console and Student Console components, enabling a nearby attacker to perform a man-in-the-middle attack by sending specially crafted HTTP requests to port 8890, intercepting...

7.4 CVSS · 7.2 AI score · 0.00442 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2023/04/10 2:15 p.m. · 3 views

CVE-2023-1406

The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability...

8.8 CVSS · 7.8 AI score · 0.01519 EPSS
Exploits: 2 · References: 1

Cvelist
added 2023/03/27 12:00 a.m. · 21 views

CVE-2023-25909 HGiga Inc. OAKlouds - Arbitrary File Upload

HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary command or disrupt service...

9.8 CVSS · 9.9 AI score · 0.00942 EPSS
Exploits: 0 · References: 1

Prion
added 2023/03/24 4:15 a.m. · 21 views

Design/Logic Flaw

An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files aptare.jar or...

5 CVSS · 5.3 AI score · 0.00168 EPSS
Exploits: 0 · References: 1 · Affected Software: 2

CVE
added 2023/03/24 12:00 a.m. · 75 views

CVE-2023-28818

CVE-2023-28818 affects Veritas NetBackup IT Analytics 11.x prior to 11.2.0. The upgrade process permits unsigned files, enabling an attacker to install rogue Collector executables (aptare.jar or upgrademanager.zip) on the Portal server, which could be downloaded and installed on collectors, compro...

5.3 CVSS · 5.2 AI score · 0.00168 EPSS
Exploits: 0 · References: 1 · Affected Software: 2

Vulnrichment
added 2023/03/24 12:00 a.m. · 7 views

CVE-2023-28818

An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files aptare.jar or...

5.3 CVSS · 5.3 AI score · 0.00168 EPSS
Exploits: 0 · References: 1

Kitploit
added 2023/03/14 11:30 a.m. · 41 views

CertVerify - A Scanner That Files With Compromised Or Untrusted Code Signing Certificates

CertVerify is a tool designed to detect executable files (exe, dll, sys) that have been signed with untrusted or leaked code signing certificates. The purpose of this tool is to identify potentially malicious files that have been signed using certificates that have been compromised, stolen, or...

7.2 AI score
Exploits: 0 · References: 3

CNNVD
added 2023/03/13 12:00 a.m. · 19 views

Wondershare Dr.Fone Security Vulnerability

Wondershare Dr.Fone is mobile device toolkit software from Wondershare Technology (China). The software provides applications, data transfer, contacts, messages and other auxiliary functions for the device. A security vulnerability exists in Wondershare Dr.Fone v12.9.6. An attacker...

7.8 CVSS · 7.4 AI score · 0.01016 EPSS
Exploits: 4 · References: 5

Positive Technologies
added 2023/03/02 12:00 a.m. · 5 views

PT-2023-8667 · Unknown · Hgiga Oaklouds

Name of the Vulnerable Software and Affected Versions: HGiga OAKlouds (affected versions not specified). Description: The HGiga OAKlouds file uploading function does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this issue to upload and run...

10 CVSS · 9.7 AI score · 0.00942 EPSS
Exploits: 0 · References: 4

hivepro
added 2023/02/02 11:14 a.m. · 35 views

The Menace of TrickGate Packer-as-a-Service Spreading Malware Globally

Attack Report. Summary: TrickGate has bundled several of the most well-known top-distribution malware families, including Trickbot, Maze, Emotet, REvil, CoinMiner, Cobalt Strike, Formbook, Remcos, AgentTesla, and many others...

2.7 AI score
Exploits: 0

RedhatCVE
added 2023/01/31 5:35 a.m. · 91 views

CVE-2022-48285

A flaw was found in the JSZip package. Affected versions of JSZip could allow a remote attacker to traverse directories on the system caused by the failure to sanitize filenames when files are loaded with loadAsync, which makes the library vulnerable to a Zip Slip attack. By extracting files from...

7.3 CVSS · 4.7 AI score · 0.01411 EPSS
Exploits: 0 · References: 7

CNVD
added 2022/11/11 12:00 a.m. · 22 views

Foxit Reader Code Issue Vulnerability (CNVD-2023-07829)

Foxit Reader is a PDF document reader from Foxit China. Foxit Reader is vulnerable to a code issue that could be exploited by attackers to execute malicious DLL files...

7.8 CVSS · 4.8 AI score · 0.01553 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2022/11/01 12:00 a.m. · 2 views

PT-2022-5289 · Kaspersky · Kavremover +1

Name of the Vulnerable Software and Affected Versions: Kaspersky Endpoint Security (affected versions not specified), Kavremover (affected versions not specified). Description: The issue is related to an uncontrolled search path element in the installation file of Kaspersky Endpoint Security and the...

1.7 CVSS · 7 AI score
Exploits: 0 · References: 2

Positive Technologies
added 2022/09/23 12:00 a.m. · 3 views

PT-2022-19291 · F Secure +1 · F-Secure +1

Name of the Vulnerable Software and Affected Versions: F-Secure and WithSecure products (affected versions not specified). Description: A Denial-of-Service issue was discovered in F-Secure and WithSecure products. The aerdl.so or aerdl.dll component may enter an infinite loop when unpacking PE files...

5.5 CVSS · 5.3 AI score · 0.00397 EPSS
Exploits: 0 · References: 4

ATTACKERKB
added 2022/07/18 6:15 p.m. · 3 views

CVE-2022-26118

A privilege chaining vulnerability (CWE-268) in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable...

6.7 CVSS · 5.9 AI score · 0.00249 EPSS
Exploits: 0 · References: 2

OSV
added 2022/07/17 10:15 p.m. · 26 views

CVE-2022-26352

An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous...

9.8 CVSS · 7.8 AI score · 0.91501 EPSS
Exploits: 4 · References: 3

Prion
added 2022/07/17 10:15 p.m. · 22 views

Directory traversal

An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous...

6.8 CVSS · 9.8 AI score · 0.91501 EPSS
Exploits: 4 · References: 2 · Affected Software: 1

CNVD
added 2022/07/15 12:00 a.m. · 37 views

SAP BusinessObjects BW Publisher Service Elevation of Privilege Vulnerability

SAP BusinessObjects BW Publisher Service is a model-driven data warehouse product from SAP Germany. An elevation of privilege vulnerability exists in versions 420 and 430 of the SAP BusinessObjects BW Publisher Service, which stems from the use of search paths that contain un-referenced elements,...

7.8 CVSS · 7.9 AI score · 0.00245 EPSS
Exploits: 0 · References: 1

Fortinet
added 2022/07/05 12:00 a.m. · 42 views

FortiManager & FortiAnalyzer - Privilege escalation vulnerability

A privilege chaining vulnerability (CWE-268) in FortiManager and FortiAnalyzer may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system...

4 CVSS · 6.4 AI score · 0.00249 EPSS
Exploits: 0 · Affected Software: 2

The Hacker News
added 2022/05/30 12:39 p.m. · 49 views

Is 3rd Party App Access the New Executable File?

It's no secret that 3rd party apps can boost productivity, enable remote and hybrid work and are overall, essential in building and scaling a company's work processes. An innocuous process much like clicking on an attachment was in the earlier days of email, people don't think twice when connecti...

7.9 AI score
Exploits: 0