Vmware VMWare SD-WAN Orchestrator Path Traversal Vulnerability

Vmware VMWare SD-WAN Orchestrator is a software from Vmware that orchestrates network data flows in a software-defined network architecture. The software provides Web pages to visualize and manage users, gateways, and authentication. A path traversal vulnerability exists in VMware SD-WAN...

Tobesoft Xplatform Input Validation Error Vulnerability

Tobesoft Xplatform is a set of Korean Tobesoft application development platform. The platform supports form and composite component inheritance, CSS autosetting, and multi-document interfaces. TOBESOFT XPLATFORM suffers from an input validation error vulnerability that originates when a command...

CVE-2020-7841

Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto://...

CVE-2020-7841

Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto://...

CVE-2020-7841 TOBESOFT XPLATFORM arbitrary hta file execution vulnerability

Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto://...

Tobesoft Xplatform 输入验证错误漏洞

Tobesoft Xplatform is a set of Korean Tobesoft application development platform. The platform supports form and composite component inheritance, CSS autosetting, and multi-document interfaces. TOBESOFT XPLATFORM suffers from an input validation error vulnerability that originates when a command...

CVE-2020-27386

An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code e.g., ASP code in the form of a safe file type e.g., a TXT file, and then using the FileEditor in v1.5.8...

CVE-2020-7331

Unquoted service executable path in McAfee Endpoint Security ENS prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files...

Design/Logic Flaw

Unquoted service executable path in McAfee Endpoint Security ENS prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files...

CVE-2020-7331

CVE-2020-7331 describes an issue in McAfee Endpoint Security (ENS) for Windows, where an unquoted service executable path in ENS prior to the 10.7.0 November 2020 Update allows a local user to cause a denial of service and execute malicious files by placing a crafted executable. Public sources (N...

CVE-2020-7331 Unquoted service executable path in McAfee Endpoint Security (ENS)

Unquoted service executable path in McAfee Endpoint Security ENS prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files...

PT-2020-19560 · Mcafee · Mcafee Endpoint Security

Name of the Vulnerable Software and Affected Versions: McAfee Endpoint Security ENS versions prior to 10.7.0 November 2020 Update Description: The issue allows local users to cause a denial of service and execute malicious files by creating carefully crafted and named executable files, due to an...

Foxit Reader Command Injection Vulnerability

Foxit is a professional electronic document technology solutions provider. Foxit Reader, one of Foxit's outstanding products, is currently one of the most popular PDF readers worldwide. A command injection vulnerability exists in the app.opencPDFWebPage JavsScript API product in Foxit Reader, whi...

Windows Error Reporting Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows Error Reporting WER when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to...

GHSA-59X8-7WX6-4HJ9 Malicious Package in secure_identity_login_module

All versions of secureidentityloginmodule contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored...

GHSA-559Q-92VX-XVJP Malicious Package in qingting

All versions of qingting contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer...

Malicious Package in midway-xtpl

All versions of midway-xtpl contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...

GHSA-G5Q2-FCG9-J526 Malicious Package in hsf-clients

All versions of hsf-clients contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...

Malicious Package in luna-mock

All versions of luna-mock contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that compute...

Malicious Package in hpmm

All versions of hpmm contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer...