6840 matches found

Positive Technologies
added 2023/01/17 12:0 a.m. · 3 views

PT-2023-13785 · L Soft · Listserv 17

Name of the Vulnerable Software and Affected Versions: LISTSERV 17
Description: The LISTSERV 17 web interface is affected by an issue that allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks. This is achieved via a modified email address in a "wa.exe" URL, resulting ...

7.5 CVSS · 7.4 AI score · 0.31721 EPSS
Exploits 4 · References 6

OSV
added 2023/01/16 10:15 a.m. · 1 views

CVE-2022-4258

In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system...

7.8 CVSS · 5.8 AI score
Exploits 0 · References 1

Vulnrichment
added 2023/01/16 9:52 a.m. · 6 views

CVE-2022-4258 Hima: Unquoted path vulnerabilities in HIMA PC based Software

In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system...

7.8 CVSS · 7.9 AI score · 0.00065 EPSS
Exploits 0 · References 1

CNNVD
added 2023/01/16 12:0 a.m. · 3 views

HIMA Paul Hildebrandt X-OPC, X-OTS Code Issue Vulnerability

HIMA Paul Hildebrandt X-OPC and HIMA Paul Hildebrandt X-OTS are both products of HIMA Paul Hildebrandt, Inc. HIMA Paul Hildebrandt X-OPC is an intelligent security platform. HIMA Paul Hildebrandt X-OTS is a security simulator. A code issue vulnerability exists in HIMA Pa...

7.8 CVSS · 7.4 AI score · 0.00065 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/01/16 12:0 a.m. · 4 views

PT-2023-14140 · Hima · Hima Pc Based

Name of the Vulnerable Software and Affected Versions: HIMA PC based Software affected versions not specified
Description: The issue is related to an unquoted Windows search path vulnerability. This might allow local users to gain privileges via a malicious .exe file, potentially gaining full...

7.8 CVSS · 7.4 AI score · 0.00065 EPSS
Exploits 0 · References 3

Kitploit
added 2023/01/15 11:30 a.m. · 45 views

AVIator - Antivirus Evasion Project

AviAtor ported to NETCore 5 with an updated UI. AV|Ator. About://name: AV: AntiVirus; Ator: is a swordsman, alchemist, scientist, magician, scholar, and engineer, with the ability to sometimes produce objects out of thin air (https://en.wikipedia.org/wiki/Ator). About://purpose: AV|Ator is a backdoor...

7.8 AI score
Exploits 0 · References 3

CNVD
added 2023/01/12 12:0 a.m. · 27 views

SAP Host Agent Access Control Error Vulnerability

SAP Host Agent is a set of agent programs from SAP that supports a number of lifecycle management tasks such as operating system monitoring, database monitoring and system instance monitoring. An Access Control Error vulnerability exists in SAP Host Agent versions 7.21 and 7.22, which arises from...

6.7 CVSS · 6.3 AI score · 0.00101 EPSS
Exploits 0 · References 1

OSV
added 2023/01/11 5:15 p.m. · 2 views

CVE-2022-4428

The support_uri parameter in the WARP client local settings file mdm.xml lacked proper validation, which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a...

8 CVSS · 5.9 AI score · 0.00317 EPSS
Exploits 0 · References 1

Prion
added 2023/01/11 5:15 p.m. · 17 views

Privilege escalation

The support_uri parameter in the WARP client local settings file mdm.xml lacked proper validation, which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a...

6 CVSS · 7.9 AI score · 0.00317 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/01/11 4:49 p.m. · 14 views

CVE-2022-4428 support_uri validation missing in WARP client for Windows

The support_uri parameter in the WARP client local settings file mdm.xml lacked proper validation, which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a...

8.9 CVSS · 8.9 AI score · 0.00317 EPSS
Exploits 0 · References 1

Vulnrichment
added 2023/01/11 4:49 p.m. · 8 views

CVE-2022-4428 support_uri validation missing in WARP client for Windows

The support_uri parameter in the WARP client local settings file mdm.xml lacked proper validation, which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a...

8.9 CVSS · 7 AI score · 0.00317 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/01/11 12:0 a.m. · 4 views

PT-2023-14443 · Cloudflare · Warp Client

Name of the Vulnerable Software and Affected Versions: WARP client affected versions not specified
Description: The support uri parameter in the WARP client local settings file mdm.xml lacked proper validation, allowing for privilege escalation and launching an arbitrary executable on the local...

8.9 CVSS · 7.8 AI score · 0.00317 EPSS
Exploits 0 · References 6

OSV
added 2023/01/10 3:15 a.m. · 2 views

CVE-2023-0012

In SAP Host Agent Windows - versions 7.21, 7.22, an attacker who gains local membership to SAPLocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAPLocalAdmin are denied the ability to logo...

6.7 CVSS · 6.6 AI score · 0.00101 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/01/10 12:0 a.m. · 3 views

PT-2023-15947 · Sap · Sap Host Agent

Name of the Vulnerable Software and Affected Versions: SAP Host Agent Windows versions 7.21, 7.22
Description: An attacker who gains local membership to SAP LocalAdmin could replace executables with a malicious file that will be started under a privileged account. This can only occur if the syste...

6.7 CVSS · 6.2 AI score · 0.00101 EPSS
Exploits 0 · References 6

CNVD
added 2023/01/06 12:0 a.m. · 49 views

Mozilla Firefox Injection Vulnerability (CNVD-2023-03055)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an injection vulnerability that stems from a failure to execute the Unsafe-Hashes CSP directive. An attacker could exploit this vulnerability to inject executable script...

8.8 CVSS · 8.5 AI score · 0.00902 EPSS
Exploits 0 · References 1

Fedora
added 2023/01/05 1:18 a.m. · 26 views

[SECURITY] Fedora 37 Update: binwalk-2.3.3-1.fc37

Binwalk is a tool for searching a given binary image for embedded files and executable code. Specifically, it is designed for identifying files and code embedded inside of firmware images. Binwalk uses the python-magic library, so it is compatible with magic signatures created for the Unix file...

6.5 CVSS · 5.9 AI score · 0.0171 EPSS
Exploits 0

CNNVD
added 2022/12/30 12:0 a.m. · 2 views

Modbus Slave Security Vulnerability

Modbus Slave is a device simulator for PLC programming. A security vulnerability exists in Modbus Tools Modbus Slave 7.5.1 and earlier versions, which stems from a problem with an unknown function of the file mbslave.exe that can cause a buffer overflow...

7.8 CVSS · 7.3 AI score · 0.00357 EPSS
Exploits 1 · References 5

CNNVD
added 2022/12/30 12:0 a.m. · 4 views

Modbus Tools Modbus Poll Security Vulnerability

Modbus Tools Modbus Poll is a Modbus master simulator from Modbus Tools. It is mainly used to help developers of Modbus slave devices or others who want to test and simulate Modbus. A security vulnerability exists in Modbus Tools Modbus Poll version 9.10.0 and earlier, which stems from a problem...

7.8 CVSS · 7.3 AI score · 0.00341 EPSS
Exploits 1 · References 5

Securelist
added 2022/12/27 8:0 a.m. · 32 views

BlueNoroff introduces new methods bypassing MoTW

BlueNoroff group is a financially motivated threat actor eager to profit from its cyberattack capabilities. We have published technical details of how this notorious group steals cryptocurrency before. We continue to track the group's activities and this October we observed the adoption of new...

7.4 AI score
Exploits 0

Veracode
added 2022/12/27 2:51 a.m. · 25 views

Authorization Bypass

Alpine is vulnerable to authorization bypass. The vulnerability exists in the doFilter functions of BlacklistUrlFilter.java and WhitelistUrlFilter.java and allows an attacker to bypass administrative restrictions via executable WAR files...

7.5 CVSS · 7.3 AI score · 0.00277 EPSS
Exploits 0 · References 4 · Affected Software 1