Microsoft Windows and Microsoft Windows Server Elevation of Privilege Vulnerability (CNVD-2020-49365)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows and Microsoft Windows...

Windows Backup Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges...

Windows Work Folder Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted...

Windows Storage Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system. To exploit the vulnerability, an attacker would first have to gain execution o...

Windows Remote Access Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim system...

Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a...

PT-2020-3836 · Microsoft · Windows Backup Service +1

Name of the Vulnerable Software and Affected Versions: Windows Backup Service affected versions not specified Description: The issue is related to an elevation of privilege vulnerability that exists when the Windows Backup Service improperly handles file operations. To exploit this, an attacker...

KB4571709: Windows 10 Version 1803 August 2020 Security Update

The remote Windows host is missing security update 4571709. It is, therefore, affected by multiple vulnerabilities : - A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could instal...

Marvell QConvergeConsole decryptFile Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decryptFile method of the FlashValidatorServiceImpl class. The issue result...

Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getFileFromURL...

Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl class. T...

Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the saveAsText meth...

PT-2020-3934 · Microsoft · Windows Storage Services +1

Name of the Vulnerable Software and Affected Versions: Windows Storage Services affected versions not specified Description: An elevation of privilege issue exists due to improper handling of file operations by the Windows Storage Services. To exploit this, an attacker would first need code...

CVE-2020-15623

This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmodsecurity.php. When parsing the archivo parameter, the process...

Design/Logic Flaw

This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmodsecurity.php. When parsing the archivo parameter, the process...

(0Day) IBM Informix bts_tracefile Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to create arbitrary files on affected installations of IBM Informix. Authentication is required to exploit this vulnerability. The specific flaw exists within the btstracefile function. When parsing the trace filename, the process does not properly...

Microsoft Windows Profile Service Elevation of Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows Profile Service, which...

Microsoft Windows iSCSI Target Service Elevation of Privilege Vulnerability

Windows Server is the brand name of a series of server operating systems released by Microsoft, which includes all Windows operating systems released under the brand name "Windows Server". An elevation of privilege vulnerability exists in the Microsoft Windows iSCSI Target Service, which stems fr...

Advantech iView LinksTable exportLinks Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the exportLinks method of the LinksTable class. The issue...

Advantech iView MenuServlet Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MenuServlet servlet. The issue results from the lack of proper validation of...