Cisco Access Points SSH Management Privilege Escalation Vulnerability

A vulnerability in the SSH management feature of multiple Cisco Access Points APs platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations within the SSH...

VMware vCenter Server Appliance Update Manager Directory Traversal Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on affected installations of VMware vCenter Server Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Update Manager. The issue results from the lack of proper validation...

Schneider Electric EcoStruxure Control Expert Classic STU and STA File Parsing Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Control Expert Classic. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...

SolarWinds Orion Platform ExportToPDF Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within ExportToPDF.aspx. The issue results from the lack of proper validation of ...

Design/Logic Flaw

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.14.1, RUGGEDCOM ROX RX1400 All versions V2.14.1, RUGGEDCOM ROX RX1500 All versions V2.14.1, RUGGEDCOM ROX RX1501 All versions V2.14.1, RUGGEDCOM ROX RX1510 All versions V2.14.1, RUGGEDCOM ROX RX1511 All versions V2.14.1,...

SharpStrike - A Post Exploitation Tool Written In C# Uses Either CIM Or WMI To Query Remote Systems

SharpStrike is a post-exploitation tool written in C that uses either CIM or WMI to query remote systems. It can use provided credentials or the current user's session. Note: Some commands will use PowerShell in combination with WMI, denoted with in the --show-commands command. Introduction...

F5 BIG-IP 操作系统命令注入漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An unspecified vulnerability exists in the F5 BIG-IP Advanced WAF and ASM TMUI, which, when cracked, allows an authenticated...

Remote code execution

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or...

Microsoft Warns of Another Unpatched Windows Print Spooler RCE Vulnerability

A day after releasing Patch Tuesday updates, Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, adding that it's working to remediate the issue in an upcoming security update. Tracked as CVE-2021-36958 CVSS score: 7.3, the unpatched flaw...

CVE-2021-38586

In cPanel before 98.0.1, /scripts/cpanconfig performs unsafe operations on files SEC-589...

CVE-2021-38586

In cPanel before 98.0.1, /scripts/cpanconfig performs unsafe operations on files SEC-589...

CVE-2021-38586

In cPanel before 98.0.1, /scripts/cpanconfig performs unsafe operations on files SEC-589...

Windows Print Spooler Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or...

Micro Focus SUSE Linux Enterprise Server 后置链接漏洞

Micro Focus SUSE Linux Enterprise Server is a suite of enterprise server edition Linux operating systems from Micro Focus in the United Kingdom. A security vulnerability exists in Micro Focus SUSE Linux Enterprise Server, which stems from potentially dangerous file system operations in...

(Pwn2Own) Microsoft Windows AppX Deployment Service Race Condition Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppX Deploymen...

Microsoft Windows InstallService Time-Of-Check Time-Of-Use Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within t...

CVE-2021-34481

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or...

KB5004948: Windows 10 1607 and Windows Server 2016 OOB Security Update RCE (July 2021)

A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM privileges. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

CVE-2021-34527

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or...

Remote code execution

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or...