6840 matches found
jsish Jsi_ObjSetLength function buffer overflow vulnerability
Jsish is a small JavaScript parser written in C with a built-in database.Jsish has a buffer overflow vulnerability in versions prior to 3.0.8, which stems from the failure of the product's JsiObjSetLength function to restrict integer data boundaries, allowing an attacker to execute arbitrary code...
CVE-2021-31859
Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 6.0.55 allows local user privilege escalation by overwriting the executable file via an alternative data stream...
CVE-2021-31859
CVE-2021-31859 affects YSoft SafeQ 6 MU55 FlexiSpooler (version 6.0.55). The vulnerability is described as incorrect privileges in the MU55 FlexiSpooler service that enables local privilege escalation by overwriting the executable file via an alternate data stream. The available documents confirm...
PT-2021-19553 · Ysoft · Ysoft Safeq 6
Name of the Vulnerable Software and Affected Versions: YSoft SafeQ 6 version 6.0.55 Description: The issue concerns incorrect privileges in the MU55 FlexiSpooler service, allowing a local user to escalate privileges by overwriting the executable file via an alternative data stream. Recommendation...
CVE-2021-36376
dandavison delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory...
CVE-2021-36376
dandavison delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory...
CVE-2021-36376
dandavison delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory...
CVE-2021-36376
dandavison delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory...
Default credentials
A vulnerability has been identified in JT2Go All versions V13.2, Teamcenter Visualization All versions V13.2. The Gifloader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an...
dandavison delta 代码问题漏洞
dandavison delta is an open source viewer of git and diff output. A security vulnerability exists in dandavison delta on Windows prior to 0.8.3, which stems from dandavison delta resolving the pathname of an executable file to a relative path in the current directory...
IBM Security Access Manager 代码问题漏洞
IBM Security Access Manager is a product of IBM Corporation for information security management. A security vulnerability exists in IBM Security Access Manager Docker, which stems from the fact that IBM Security Access Manager Docker can allow remote privileged users to upload arbitrary files wit...
CVE-2021-32679
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames where not escaped by default in controllers using DownloadResponse. When a user-supplied filename was passed unsanitized into a DownloadResponse, this could be used to...
RUSTSEC-2021-0105 Relative Path Traversal in git-delta
git-delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory...
Relative Path Traversal in git-delta
git-delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory...
PT-2021-19851 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 19.0.13 Nextcloud Server versions prior to 20.0.11 Nextcloud Server versions prior to 21.0.3 Description: Nextcloud Server is a package that handles data storage. In affected versions, filenames were not...
Backdoor.IRC.Ataka.a Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2da85579b259e6de86590e067003e064.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.IRC.Ataka.a Vulnerability: Insecure Permissions Description: The malware creates a dir with...
CVE-2021-34110
WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with "LocalSystem" privileges...
Code injection
WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with "LocalSystem" privileges...
CVE-2021-34110
CVE-2021-34110 affects WinWaste.NET 1.0.6183.16475, where incorrect file permissions allow a local unprivileged user to replace the executable (e.g., WinWasteService.exe) or tied DLLs, leading to execution of a malicious file with LocalSystem privileges. Evidence from multiple sources (Red Hat, N...
MDT AutoSave SQL注入漏洞
MDT AutoSave is a software application. It provides an automated change management function. An SQL injection vulnerability exists in MDT AutoSave where a function in the device is used to retrieve process-specific system information, which is collected by executing multiple commands and...