Lucene search

6839 matches found

Cvelist
added 2021/01/07 1:50 p.m. · 16 views

CVE-2020-35112

If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension such as .bat or .exe that executable would have been launched instead. Note:...

8 AI score · 0.00475 EPSS
Exploits 0 · References 4
Positive Technologies
added 2021/01/05 12:0 a.m. · 4 views

PT-2021-9622 · Unknown · Win-911 Enterprise

Name of the Vulnerable Software and Affected Versions: Win-911 Enterprise version 4.20.13 Description: A local privilege elevation issue exists due to file system permissions in the install directory, specifically via the WIN-911 Account Change Utility. This allows an attacker to overwrite...

9.3 CVSS · 8.4 AI score · 0.00047 EPSS
Exploits 1 · References 4
Packet Storm
added 2021/01/05 12:0 a.m. · 273 views

Backdoor.Win32.Zombam.k Stack Buffer Overflow

Discovery / credits: malvuln - Malvuln.com c 2021 Original source: https://malvuln.com/advisory/79d9908b6769e64f922e74a090f5ceeb.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.k Vulnerability: Remote String Dereference Stack Buffer Overflow Description:...

0.7 AI score
Exploits 0
CNNVD
added 2021/01/04 12:0 a.m. · 3 views

Win911 Enterprise Security Vulnerability

Win911 Enterprise is a mobile application from Win911 USA that allows information interaction with industrial equipment. A security vulnerability exists in Win-911 Enterprise V4.20.13, which can be exploited by an attacker to override various executable programs, which may result in escalation of...

9.3 CVSS · 7.2 AI score · 0.00047 EPSS
Exploits 1 · References 2
CNNVD
added 2021/01/04 12:0 a.m. · 3 views

Win911 Mobile Server Security Vulnerability

Win911 Mobile Server is a server-side program used in industrial environments to provide interactive data support for mobile apps from Win911 USA. A security vulnerability exists in Win911 Mobile Server V2.5, which can be exploited by an attacker to overwrite the service executable and execute...

9.3 CVSS · 7.6 AI score · 0.00052 EPSS
Exploits 1 · References 2
OSV
added 2020/12/29 4:15 p.m. · 4 views

CVE-2020-5807

An unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries in the FactoryTalk Diagnostics event log. The attacker can specify long fields in the log entry, which can cause an unhandled exception in wcscpy_s if a local user opens FactoryTalk Diagnosti...

7.5 CVSS · 7.2 AI score · 0.04219 EPSS
Exploits 0 · References 1
CNVD
added 2020/12/29 12:0 a.m. · 1 views

DLL Hijacking Vulnerability in Cyberdocument Windows Client

Xunfei Document is an online document software that supports multiple people and multiple ends to edit at the same time, produced by KDDI. Xunfei Document windows client DLL hijacking vulnerability, an attacker can use the vulnerability in the client process to inject executable DLL file, to...

7.2 AI score
Exploits 0
OPENSUSE Linux
added 2020/12/25 12:0 a.m. · 59 views

Security update for MozillaFirefox (critical)

openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2020:2325-1 Rating: critical References: 1180039 Cross-References: CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35112 CVE-2020-35113 Affected Products:...

8.8 CVSS · 9 AI score · 0.00874 EPSS
Exploits 0 · References 1
The Hacker News
added 2020/12/24 9:1 a.m. · 1 views

Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug

Google's Project Zero team has made public details of an improperly patched zero-day security vulnerability in Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code. Details of the unpatched flaw were revealed publicly after Microsoft failed to rectify it with...

6.5 AI score
Exploits 1
Veracode
added 2020/12/23 4:46 p.m. · 26 views

Remote Code Execution (RCE)

Firefox is vulnerable to remote code execution (RCE). This is possible because opening an extension-less download could inadvertently launch an executable instead...

8.8 CVSS · 3.4 AI score · 0.00475 EPSS
Exploits 0 · References 5 · Affected Software 3
CNVD
added 2020/12/23 12:0 a.m. · 3 views

Command Execution Vulnerability in Huaan Securities Options Bowl

Huaan Securities Options Bao is an individual stock options online trading Qianlong version of the client is a set of individual stock options quotes, strategies, trading in one of the professional terminal. Huaan Securities Options Treasure suffers from a command execution vulnerability, which c...

7.8 AI score
Exploits 0
CNVD
added 2020/12/23 12:0 a.m. · 3 views

DLL Hijacking Vulnerability in Yimin Master Gold Nuggets Client Software

Founded in 2005, Yimin Co., Ltd. provides customers with three major businesses, namely, securities assisted decision-making software, investor education, and investment consulting, and is committed to improving the profitability of its users. Tencent is the second largest shareholder of the...

7.5 AI score
Exploits 0
CNVD
added 2020/12/23 12:0 a.m. · 3 views

Command Execution Vulnerability in Xiaozhi Desktop

Smart Desktop is a desktop organizer that improves office efficiency. Xiaozhi Desktop suffers from a command execution vulnerability, which can be exploited by an attacker to inject an executable DLL file into a client process to perform arbitrary functions...

7.3 AI score
Exploits 0
CNVD
added 2020/12/23 12:0 a.m. · 5 views

Command Execution Vulnerability in Yimin Love Stocks

Yimeng love stock speculation is Yimeng efforts to create, the first support for stock speculation personality customization of lightweight stock speculation software. The EML AiShaoware has a command execution vulnerability that can be exploited by an attacker to inject an executable DLL file in...

7.4 AI score
Exploits 0
CNVD
added 2020/12/23 12:0 a.m. · 2 views

Command Execution Vulnerability in SourceWise Editor Client Software

SourceWise Editor is a brand new hardware programming client that is the latest addition to Programming Cat. A command execution vulnerability exists in the Source Code Wise Editor client software, which can be exploited by an attacker to inject an executable DLL file into the client process to...

8 AI score
Exploits 0
CNVD
added 2020/12/23 12:0 a.m. · 1 views

Command Execution Vulnerability in Kingdee Wisdom Store Edition Client Software

Developed by YouShang.com, an e-commerce service website under Kingdee International Software Group HK Code: 268, WisdomJournal is China's first free management software tailored for individual merchants to manage their sales and inventories, with the core value of "accurate quotes and clear...

7.8 AI score
Exploits 0
CNNVD
added 2020/12/23 12:0 a.m. · 2 views

Microsoft Windows kernel buffer error vulnerability

Microsoft Windows is a desktop operating system from Microsoft Corporation USA. Microsoft Windows suffers from a buffer error vulnerability that allows a local user to escalate privileges on the system. The vulnerability exists due to a boundary error within the user mode printer driver host...

6.6 AI score
Exploits 1 · References 2
OSV
added 2020/12/22 8:15 p.m. · 3 views

CVE-2020-35608

A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.07. A specially crafted AF_PACKET socket can cause a process to create an executable memory mapping with controllable content. An attacker can execute a shellcode that uses...

7.8 CVSS · 7.5 AI score · 0.00242 EPSS
Exploits 1 · References 2
OSV
added 2020/12/22 6:15 p.m. · 1 views

CVE-2020-25106

Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename...

7.8 CVSS · 7.1 AI score
Exploits 0 · References 3
OSV
added 2020/12/21 11:15 p.m. · 2 views

DEBIAN-CVE-2020-26284

Hugo is a fast and Flexible Static Site Generator built in Go. Hugo depends on Go's os/exec for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system %PATH% on Windows. In Hugo before version 0.79.1, if a malicious file with the same name (exe or bat) is...

8.5 CVSS · 7.8 AI score · 0.0041 EPSS
Exploits 1 · References 1