6839 matches found
Advantech WebAccess/SCADA installation privilege escalation vulnerability
Summary Multiple exploitable local privilege elevation vulnerabilities exist in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. Depending on the vector chosen, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. Tested...
Backdoor.Win32.Aphexdoor.LiteSock Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/a8bb1744bedf43849ed808b7dfa32da4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Aphexdoor.LiteSock Vulnerability: Remote Stack Buffer Overflow Description:...
CVE-2020-35125
A cross-site scripting XSS vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mauticreturn a different attack method than CVE-2020-35124, but also related to the Referer concept...
CVE-2020-35125
A cross-site scripting XSS vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mauticreturn a different attack method than CVE-2020-35124, but also related to the Referer concept...
Cross site scripting
A cross-site scripting XSS vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mauticreturn a different attack method than CVE-2020-35124, but also related to the Referer concept...
CVE-2020-35125
A cross-site scripting XSS vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mauticreturn a different attack method than CVE-2020-35124, but also related to the Referer concept...
[SECURITY] Fedora 32 Update: python3-3.8.7-2.fc32
Python is an accessible, high-level, dynamically typed, interpreted program ming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the...
Trend Micro Antivirus for Mac Memory Exhaustion Denial-Of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Antivirus for Mac. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...
CVE-2020-35124
A cross-site scripting XSS vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads...
CVE-2020-35124
A cross-site scripting XSS vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads...
Backdoor.Win32.Noknok.60 Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ecaf6a123fdf1f5660692dfc4c67a933.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Noknok.60 Vulnerability: Insecure Permissions Description: When generating an...
Selea CarPlateServer 4.0.1.6 Remote Program Execution
Selea CarPlateServer CPS v4.0.1.6 Remote Program Execution Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: 4.0.1.6210120 4.013201105 3.100200225 3.005191206 3.005191112 Summary: Our CPS Car Plate Server software is an advanced solution that can be installed on...
Acronis: Acronis True Image 2020 Build 22510 Nonstop Backup Service Unquoted service path (privilege escalation)
Vulnerability description not provided...
Remote code execution
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an...
CVE-2020-26295 CMS Editor code execution
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 an...
CVE-2020-26285 Widget instances allows a hacker to inject an executable file on the server on OpenMage
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an...
The vulnerability of the splwow64.exe process in the Windows operating system, which allows a hacker to escalate their privileges
The vulnerability of the splwow64.exe process in Windows operating systems is related to call processing errors. Exploiting this vulnerability can allow attackers to gain increased privileges...
CVE-2020-26252
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server...
CVE-2020-26252
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server...
Remote code execution
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server...