New PowerExchange Backdoor Used in Iranian Cyber Attack on UAE Government

An unnamed government entity associated with the United Arab Emirates U.A.E. was targeted by a likely Iranian threat actor to breach the victim's Microsoft Exchange Server with a "simple yet effective" backdoor dubbed PowerExchange. According to a new report from Fortinet FortiGuard Labs, the...

CVE-2023-31748

Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file...

Design/Logic Flaw

Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file...

PT-2023-23446 · Wondershare · Mobiletrans

Name of the Vulnerable Software and Affected Versions: MobileTrans version 4.0.11 Description: The issue is related to insecure permissions, allowing attackers to escalate privileges to local admin. This can be achieved by replacing the executable file, potentially leading to unauthorized access...

CVE-2023-31748

Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file...

CVE-2023-30382

A buffer overflow in the component hl.exe of Valve Half-Life up to 5433873 allows attackers to execute arbitrary code and escalate privileges by supplying crafted parameters...

PT-2023-22667 · Valve · Half-Life

Name of the Vulnerable Software and Affected Versions: Valve Half-Life versions up to 5433873 Description: A buffer overflow in the component hl.exe allows attackers to execute arbitrary code and escalate privileges by supplying crafted parameters. Recommendations: For versions up to 5433873,...

MobileTrans 4.0.11 - Weak Service Privilege Escalation

Exploit Title :MobileTrans 4.0.11 - Weak Service Privilege Escalation Date: 20 May 2023 Exploit Author: Thurein Soe Vendor Homepage: https://mobiletrans.wondershare.com/ Software Link: https://mega.nz/file/0Et0ybRSl69LRlvwrwmqDfPGKlHaJ5LmbeKJuwH0xYKD8nSVg Version: MobileTrans version 4.0.11 Teste...

CVE-2023-29838

Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker toe escalate privileges via the SyncService.exe file...

Siber Systems GoodSync 安全漏洞

Siber Systems GoodSync is reliable and powerful automatic file synchronization software from Siber Systems. A security vulnerability exists in Siber Systems GoodSync version v.19.0.3.0. An attacker exploits the vulnerability to escalate privileges via the SyncService.exe file...

CVE-2023-33240

Foxit PDF Reader 12.1.1.15289 and earlier and Foxit PDF Editor 12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users...

Default credentials

Foxit PDF Reader 12.1.1.15289 and earlier and Foxit PDF Editor 12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users...

Foxit PDF Reader 和 Editor 安全漏洞

Foxit PDF Reader and Foxit PDF Editor are both products of Foxit Corporation of China.Foxit PDF Reader is a PDF reader.Foxit PDF Editor is a PDF editor. A security vulnerability exists in Foxit PDF Reader and Foxit PDF Editor, which originates from an executable text that can be accessed by...

PT-2023-24236

Name of the Vulnerable Software and Affected Versions Foxit PDF Reader versions 12.1.1.15289 and earlier Foxit PDF Editor versions 12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier Description The issue allows Local Privilege...

kernel: Executable Space Protection Bypass

A vulnerability was found in the Linux kernel when certain binary files have the exec-all attribute with gcc. This issue can cause the execution of bytes located in the non-executable regions of a file...

kernel: Executable Space Protection Bypass

A vulnerability was found in the Linux kernel when certain binary files have the exec-all attribute with gcc. This issue can cause the execution of bytes located in the non-executable regions of a file...

Webroot Secure Anywhere 安全漏洞

Webroot Secure Anywhere is a comprehensive antivirus program from Webroot USA. A security vulnerability exists in Webroot Secure Anywhere Endpoint Protection CE 23.1 v.9.0.33.39 and prior versions, which originated from a vulnerability that allows local attackers to access sensitive information v...

PT-2023-20632 · Digitalpersona · Digitalpersona Fpsensor

Name of the Vulnerable Software and Affected Versions: DigitalPersona FPSensor version 1.0.0.1 Description: A problematic issue has been found in the processing of the file C:Program Files x86FPSensorbinDpHost.exe, leading to an unquoted search path. This issue requires local attacking to be...

CVE-2021-45345

Buffer Overflow vulnerability found in En3rgy WebcamServer v.0.5.2 allows a remote attacker to cause a denial of service via the WebcamServer.exe file...

CVE-2023-30237

CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to contain a DLL injection vulnerability via the component Dashboard.exe...