73 matches found
EUVD-2018-9522
Malware in sbrugna...
EUVD-2010-1283
Malware in sbrugna...
EUVD-2003-0360
Malware in sbrugna...
CVE-2025-57392
BenimPOS Masaustu 3.0.x is affected by insecure file permissions. The application installation directory grants Everyone and BUILTIN\Users groups FILE_ALL_ACCESS, allowing local users to replace or modify .exe and .dll files. This may lead to privilege escalation or arbitrary code execution upon...
CVE-2025-57392
BenimPOS Masaustu 3.0.x is affected by insecure file permissions. The installation directory grants Everyone and BUILTIN\Users FILE_ALL_ACCESS, enabling local users to replace or modify .exe/.dll files. This can lead to privilege escalation or arbitrary code execution on launch by another user or...
CVE-2025-57846
Multiple i-フィルター products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges...
pkg security vulnerability
npm pkg is a library from npm that packages Node.js projects into executables. A security vulnerability exists in pkg 5.8.1 and earlier: any native code packages built by pkg are written to a hardcoded directory, which can be exploited by an attacker to replace a genuine...
CVE-2023-31748
Insecure permissions in MobileTrans v4.0.11 allow attackers to escalate privileges to local admin by replacing the executable file...
PT-2023-23446 · Wondershare · Mobiletrans
Name of the Vulnerable Software and Affected Versions: MobileTrans version 4.0.11 Description: The issue is related to insecure permissions, allowing attackers to escalate privileges to local admin. This can be achieved by replacing the executable file, potentially leading to unauthorized access...
Trellix Agent Security Vulnerability
Trellix Agent is a client component of FireEye USA Trellix, Inc. that provides secure communication between McAfee ePolicy Orchestrator (McAfee ePO) and hosted products. A security vulnerability exists in Trellix Agent 5.7.8 and earlier versions that originates from an elevation of privilege that allows...
Ip-label Newtest Data Forgery Vulnerability
Ip-label Newtest is Ip-label's system for measuring the quality of critical applications from the end-user's perspective. A security vulnerability in Ip-label Newtest versions prior to v8.5R0, which stems from its Robot application's use of weak signature checking on binaries that are about to be...
SAP Host Agent Access Control Error Vulnerability
SAP Host Agent is a set of agent programs from SAP that supports a number of lifecycle management tasks such as operating system monitoring, database monitoring and system instance monitoring. An Access Control Error vulnerability exists in SAP Host Agent versions 7.21 and 7.22, which arises from...
CVE-2023-0012
In SAP Host Agent Windows - versions 7.21, 7.22, an attacker who gains local membership to SAPLocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAPLocalAdmin are denied the ability to logo...
PT-2023-15947 · Sap · Sap Host Agent
Name of the Vulnerable Software and Affected Versions: SAP Host Agent Windows versions 7.21, 7.22 Description: An attacker who gains local membership to SAP LocalAdmin could replace executables with a malicious file that will be started under a privileged account. This can only occur if the syste...
Trojan-Mailfinder.Win32.VB.p MVID-2022-0616 Insecure Permissions
Discovery / credits: Malvuln, John Page (aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/20e438d84aa2828826d52540d80bf7f.txt Media: twitter.com/malvuln Threat: Trojan-Mailfinder.Win32.VB.p Vulnerability: Insecure Permissions Description: The malware...
Canonical Apport Race Condition Vulnerability
Canonical Apport is a toolkit from Canonical UK that collects and reports error information that the operating system considers useful when an application crashes. Canonical Apport suffers from a race condition vulnerability that arises from Apport incorrectly detecting whether...
CVE-2022-26839
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files such as DLLs or replace existing executable files...
CVE-2021-45460
A vulnerability has been identified in SICAM PQ Analyzer All versions V3.18. A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate proces...
CVE-2021-44466
Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw due to improper access controls. When the software is installed with a non-default installation directory off of the system root, the installer fails to properly set ACLs. This allows lower privileged users to replace the VPN...
Bitmask Permissions and Access Control Vulnerability
Bitmask is an open source application that provides simple and secure encrypted communication via VPN. An access control error vulnerability exists in Bitmask Riseup VPN, which stems from a failure to properly handle ACLs when the product is installed in a non-default directory. An attacker could...