85 matches found
CVE-2024-10228
The Vagrant VMware Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMware Utility 1.0.23...
CVE-2023-50236
A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\SYSTEM...
PT-2024-2744 · Siemens · Polarion Alm
Name of the Vulnerable Software and Affected Versions: Polarion ALM versions prior to V2404.0. Description: A vulnerability has been identified due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to...
PT-2023-31939 · Foru Cms · Foru Cms
Name of the Vulnerable Software and Affected Versions: ForU CMS (affected versions not specified). Description: A critical vulnerability has been found in ForU CMS, affecting an unknown part of the file /install/index.php. The manipulation of the db name argument leads to code injection. It is...
CVE-2022-47631
Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM...
PT-2023-15443 · Razer · Razer Synapse
Name of the Vulnerable Software and Affected Versions: Razer Synapse versions 3.7.1209.121307 and earlier. Description: The issue allows for privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin...
Access Control Bypass
Overview: Affected versions of this package are vulnerable to Access Control Bypass. Under rare conditions, a restart of Umbraco can allow unauthorized users to gain admin-level permissions. Workaround: 1. Enabling the Unattended Install feature will mean the vulnerability is not exploitable. 2...
PT-2023-25870 · Umbraco · Umbraco
Name of the Vulnerable Software and Affected Versions: Umbraco versions prior to 10.6.1; Umbraco versions prior to 11.4.2; Umbraco versions prior to 12.0.1. Description: Under rare conditions, a restart of Umbraco can allow unauthorized users to gain admin-level permissions, potentially leading to...
CVE-2022-48150
Shopware v5.5.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the recovery/install/ URI...
SUSE CVE-2006-3682
awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters...
SUSE CVE-2006-6373
PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message...
CVE-2022-47632
Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed a...
Razer Synapse code issue vulnerability
Razer Synapse is an application from Razer, Inc. designed to configure and customize Razer's line of hardware. A security vulnerability exists in versions prior to Razer Synapse 3.7.0830.081906 that stems from its insecure installation path, improper privilege management, and improper certificate...
Google Drive for desktop security vulnerability
Google Drive for desktop is a desktop synchronization client from Google USA. It allows you to easily manage and share content across all your devices and in the cloud. A security vulnerability exists in Google Drive for desktop versions prior to 64.0, which stems from the fact that an attacker c...
Xerte 3.9 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Xerte 3.9 - Remote Code Execution (RCE) (Authenticated). Exploit Author: Rik Lutz. Vendor Homepage: https://xerte.org.uk. Software Link: https://github.com/thexerteproject/xerteonlinetoolkits/archive/refs/heads/3.8.5-33.zip. Version: up until version 3.9. Tested on: Windows 10 XAMP. CVE :...
Xerte 3.9 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Xerte 3.9 - Remote Code Execution (RCE) (Authenticated). Date: 05/03/2021. Exploit Author: Rik Lutz. Vendor Homepage: https://xerte.org.uk. Software Link: https://github.com/thexerteproject/xerteonlinetoolkits/archive/refs/heads/3.8.5-33.zip. Version: up until version 3.9. Tested on: Windows...
WBCE CMS security vulnerability
WBCE CMS is an open source content management system (CMS) based on PHP and MySQL. WBCE CMS suffers from a security vulnerability that originates in /templates/install.php and allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2020-19515
qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\databaseconfig.php...