The vulnerability of the executable file Acrunnt.exe of the information security protection tool Akord-Win64 allows a intruder to execute arbitrary code.

The vulnerability of the Acrunnt.exe executable of the information protection tool Akord-Win64 relates to deficiencies in the mechanism for calling system libraries. Exploiting this vulnerability allows a perpetrator to execute arbitrary code using a specially crafted DLL library, by placing it a...

The vulnerability of the AppInit_DLLs parameter in the Akord-Win64 information protection tool allows a hacker to execute arbitrary code.

The vulnerability of the AppInitDLLs parameter in the Accord-Win64 information protection tool is related to deficiencies in the mechanism for calling system libraries. Exploiting this vulnerability allows a perpetrator to execute arbitrary code using a specially crafted DLL library, by placing i...

CVE-2019-5981

Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors...

Authorization

Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors...

CVE-2019-13125

HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation...

PivotSuite - A Network Pivoting Toolkit

PivotSuite is a portable, platform independent and powerful network pivoting toolkit, Which helps Red Teamers / Penetration Testers to use a compromised system to move around inside a network. It is a Standalone Utility, Which can use as a Server or as a Client. PivotSuite as a Server : If the...

Command injection

In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via diagcommand.php and rrdfetchjson.php timePeriod parameter, to a server. Then, the remote...

Sony VAIO Update License Issue Vulnerability

Sony VAIO Update is a system update utility that comes pre-installed in Sony VAIO computers from Sony Japan. An authorization issue vulnerability exists in Sony VAIO Update 7.3.0.03150 and prior versions. The vulnerability stems from a lack of authentication measures or insufficient authenticatio...

Arbitrary Code Execution

libvirt is vulnerable to arbitrary code execution. The virConnectGetDomainCapabilities libvirt API accepts an emulatorbin argument to specify the program providing emulation for a domain. libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an...

Unspecified Vulnerability in Check Point Endpoint Security Clien

Check Point Endpoint Security Client is an endpoint security protection software from Check Point Israel. A security vulnerability exists in versions of Check Point Endpoint Security Client prior to E80.83 for Windows-based platforms. An attacker can exploit this vulnerability to cause the user t...

CVE-2019-8459

Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one...

CVE-2019-8459

Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one...

CVE-2019-8459

CVE-2019-8459 affects Check Point Endpoint Security Client for Windows with the VPN blade, prior to version E80.83. The issue is a path handling flaw where a process is started without quotes around the executable path, allowing loading of a previously placed executable with a name similar to pat...

libvirt: arbitrary command execution via virConnectGetDomainCapabilities API

The virConnectGetDomainCapabilities libvirt API accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument,...

CVE-2019-10168

The virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU libvirt APIs accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an...

CVE-2019-10167

The virConnectGetDomainCapabilities libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients...

CVE-2019-10168

The virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's...

Design/Logic Flaw

A vulnerability in the exacqVision Enterprise System Manager ESM v5.12.2 application whereby unauthorized privilege escalation can potentially be achieved. This vulnerability impacts exacqVision ESM v5.12.2 and all prior versions of ESM running on a Windows operating system. This issue does not...

CVE-2019-7588 exacqVision Enterprise System Manager (ESM) privilege escalation

A vulnerability in the exacqVision Enterprise System Manager ESM v5.12.2 application whereby unauthorized privilege escalation can potentially be achieved. This vulnerability impacts exacqVision ESM v5.12.2 and all prior versions of ESM running on a Windows operating system. This issue does not...

Path traversal

In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions. Under those circumstances osquery will load said malicious executable with SYSTEM permission...