Lucene search

6810 matches found

Positive Technologies
added 2023/04/04 12:0 a.m. · 5 views

PT-2023-21333 · Wondershare · Wondershare Anireel

Name of the Vulnerable Software and Affected Versions: Wondershare Anireel version 1.5.4. Description: An issue in Wondershare Anireel allows a remote attacker to execute arbitrary commands via the anireel setup full9589.exe file. Recommendations: For Wondershare Anireel version 1.5.4, consider...

7.8 CVSS · 8 AI score · 0.00151 EPSS
Exploits 1 · References 4

CNNVD
added 2023/04/04 12:0 a.m. · 4 views

Wondershare Code Issue Vulnerability

Wondershare is a data transfer tool. A security vulnerability exists in Wondershare Dr. Fone that originates from a command that can be executed remotely via drfonesetupfull3360.exe...

7.8 CVSS · 7.4 AI score · 0.00151 EPSS
Exploits 1 · References 2

wpexploit
added 2023/04/04 12:0 a.m. · 198 views

Zyrex Popup < 1.1 - Admin+ Arbitrary File Upload

The plugin does not validate the type of files uploaded when creating a popup, allowing a high privileged user such as an Administrator to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install. Create a new popup by filling in anything in the...

7.2 CVSS · 9.2 AI score · 0.00904 EPSS
Exploits 2

Positive Technologies
added 2023/04/04 12:0 a.m. · 4 views

PT-2023-21329 · Wondershare · Democreator

Name of the Vulnerable Software and Affected Versions: Wondershare DemoCreator version 6.0.0. Description: An issue in DemoCreator allows a remote attacker to execute arbitrary commands via the democreator setup full7743.exe file. Recommendations: For version 6.0.0, consider removing or restrictin...

7.8 CVSS · 8 AI score · 0.00151 EPSS
Exploits 1 · References 5

OSV
added 2023/04/03 4:15 p.m. · 1 views

CVE-2023-0975

A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions...

7.8 CVSS · 7.1 AI score
Exploits 0 · References 1

CNNVD
added 2023/04/03 12:0 a.m. · 6 views

Trellix Agent Security Vulnerability

Trellix Agent is a client component of FireEye USA Trellix, Inc. that provides secure communication between McAfee ePolicy Orchestrator (McAfee ePO) and hosted products. A security vulnerability exists in Trellix Agent 5.7.8 and earlier versions that originates from an elevation of privilege that allows...

8.2 CVSS · 7.3 AI score · 0.00032 EPSS
Exploits 0 · References 2

Exploit DB
added 2023/04/01 12:0 a.m. · 163 views

NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit

Exploit Title: NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit; Date: Jun 2007; Exploit Author: mu-b; Vendor Homepage: https://www.microfocus.com/en-us/cyberres/identity-access-management ; Version: All; Tested on: Windows / Solaris x86/SPARC; CVE: 0day; endpoint-pown-uni.c...

7.4 AI score
Exploits 0

The Hacker News
added 2023/03/29 9:17 a.m. · 39 views

Trojanized TOR Browser Installers Spreading Crypto-Stealing Clipper Malware

Trojanized installers for the TOR anonymity browser are being used to target users in Russia and Eastern Europe with clipper malware designed to siphon cryptocurrencies since September 2022. "Clipboard injectors ... can be silent for years, show no network activity or any other signs of presence...

6.4 AI score
Exploits 0

SUSE CVE
added 2023/03/28 1:52 a.m. · 1 views

SUSE CVE-2021-43312

A heap-based buffer overflow was discovered in upx, in which the variable 'bucket' points to an inaccessible address. The issue is triggered in the function PackLinuxElf64::invertptdynamic at plxelf.cpp:5239...

7.5 CVSS · 7.5 AI score · 0.00348 EPSS
Exploits 1 · References 4

Prion
added 2023/03/27 9:15 p.m. · 9 views

Design/Logic Flaw

pymedusa is an automatic video library manager for TV Shows. In versions prior to 1.0.12, an attacker with access to the web interface can update the git executable path in /config/general/ advanced settings with arbitrary OS commands. An attacker may exploit this vulnerability to take execute...

6.5 CVSS · 8.9 AI score · 0.01098 EPSS
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2023/03/27 12:0 a.m. · 13 views

CVE-2023-25909 HGiga Inc. OAKlouds - Arbitrary File Upload

The HGiga OAKlouds file uploading function does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary commands or disrupt service...

9.8 CVSS · 9.9 AI score · 0.00719 EPSS
Exploits 0 · References 1

NVD
added 2023/03/24 4:15 a.m. · 13 views

CVE-2023-28818

An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files aptare.jar or...

5.3 CVSS · 5.2 AI score · 0.00055 EPSS
Exploits 0 · References 1

Prion
added 2023/03/24 4:15 a.m. · 21 views

Design/Logic Flaw

An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files aptare.jar or...

5 CVSS · 5.3 AI score · 0.00055 EPSS
Exploits 0 · References 1 · Affected Software 2

CNNVD
added 2023/03/24 12:0 a.m. · 2 views

UPX Security Vulnerability

UPX is a portable and extensible executable compression program. A security vulnerability exists in UPX, which stems from function PackLinuxElf32::invertptdynamic in plxelf.cpp:1688 that causes the "bucket" variable to point to an inaccessible address...

7.5 CVSS · 7.2 AI score · 0.00348 EPSS
Exploits 1 · References 2

Vulnrichment
added 2023/03/24 12:0 a.m. · 6 views

CVE-2023-28818

An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files aptare.jar or...

5.3 CVSS · 5.3 AI score · 0.00055 EPSS
Exploits 0 · References 1

CVE
added 2023/03/24 12:0 a.m. · 70 views

CVE-2023-28818

CVE-2023-28818 affects Veritas NetBackup IT Analytics 11.x prior to 11.2.0. The upgrade process permits unsigned files, enabling an attacker to install rogue Collector executables (aptare.jar or upgrademanager.zip) on the Portal server, which could be downloaded and installed on collectors, compro...

5.3 CVSS · 5.2 AI score · 0.00055 EPSS
Exploits 0 · References 1 · Affected Software 2

Japan Vulnerability Notes
added 2023/03/24 12:0 a.m. · 29 views

JVN#35246979: ELECOM WAB-MAT registers its windows service executable with an unquoted file path

WAB-MAT provided by ELECOM CO.,LTD. is an Access Point Management Tool for corporate users. WAB-MAT registers its Windows service executable with an unquoted file path (CWE-428). Impact: If a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service...

7.3 CVSS · 7.2 AI score · 0.00057 EPSS
Exploits 0

BDU FSTEC
added 2023/03/24 12:0 a.m. · 1 views

The vulnerability of the ThinServer.exe executable file of the Rockwell Automation ThinManager centralized application management platform allows an attacker to re-write arbitrary files and execute arbitrary code.

The vulnerability of the ThinServer.exe executable file of the ThinServer component of Rockwell Automation’s ThinManager centralized application management platform is related to errors in processing the relative path to the restricted access directory. Exploiting this vulnerability could allow a...

10 CVSS · 8 AI score · 0.71885 EPSS
Exploits 1 · References 3 · Affected Software 1

NVD
added 2023/03/23 8:15 p.m. · 11 views

CVE-2020-19786

File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows an attacker to execute arbitrary commands and code via a crafted PHP file...

8.8 CVSS · 8.9 AI score · 0.00335 EPSS
Exploits 1 · References 1

BDU FSTEC
added 2023/03/23 12:0 a.m. · 1 views

The vulnerability lies in the executable file IGSSdataServer.exe of the SCADA system’s data server, IGSS Data Server, as well as the executable file DashBoard.exe of the IGSS Dashboard. Additionally, the RMS16.dll library from the report module Custom Reports allows a hacker to delete arbitrary data.

The vulnerability of the IGSSdataServer.exe executable of the SCADA system’s data server, the DashBoard.exe executable of the IGSS Dashboard, and the RMS16.dll library of the report module Custom Reports is related to the absence of authentication for a critical function. Exploiting this...

6.5 CVSS · 6.2 AI score · 0.00193 EPSS
Exploits 0 · References 5 · Affected Software 3