Wondershare FamiSafe 1.0 - (FSService) Unquoted Service Path Vulnerability

Exploit Title: Wondershare FamiSafe 1.0 - 'FSService' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.wondershare.com/ Software Link : https://download-es.wondershare.com/famisafefull7869.exe Tested Version: 1.0 Vulnerability Type: Unquoted Service Path Tested on OS...

Wondershare Dr.Fone 11.4.9 - (DFWSIDService) Unquoted Service Path Vulnerability

Exploit Title: Wondershare Dr.Fone 11.4.9 - 'DFWSIDService' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.wondershare.com/ Software Link : https://download.wondershare.com/drfonefull3360.exe Tested Version: 11.4.9 Vulnerability Type: Unquoted Service Path Tested o...

The vulnerability of the Windows Resilient File System, a local file system for Windows operating systems, allows an attacker to execute arbitrary code.

The vulnerability of the Windows Resilient File System, a local file system of the Windows operating system, is related to improper code generation. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVE-2021-34867

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...

Linux kernel 资源管理错误漏洞

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel suffers from a resource management error vulnerability that stems from a use-after-free error in the cgroup1parseparam function in kernel/cgroup/cgroup-v1.c in the cgroup v1 parser of Linux...

CVE-2021-38990

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952...

CVE-2021-44158

ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code execution to control the system or disrupt service...

FreeBSD : OpenSearch -- Log4Shell (b0f49cb9-6736-11ec-9eea-589cfc007716)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b0f49cb9-6736-11ec-9eea-589cfc007716 advisory. - It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain...

CVE-2021-45046

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...

Default configuration

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...

CVE-2021-45046 Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...

CVE-2021-45046

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...

CVE-2021-45046

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...

CVE-2021-25510

An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution...

Samsung SMR 输入验证错误漏洞

Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A security vulnerability exists in versions prior to Samsung SMR Dec-2021 Release 1, which can be exploited by an attacker to execute arbitrary code locally...

CVE-2021-42682

An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105 .The IOCTL Handler 0x22001B allows local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request Packet...

CVE-2021-42986

NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Client above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O...

IBM MQ Appliance has unspecified vulnerabilities

IBM MQ Appliance is an all-in-one appliance for rapid deployment of enterprise-class messaging middleware from IBM U.S.A. A security vulnerability exists in IBM MQ Appliance, which stems from the fact that IBM MQ Appliance may allow local privileged users to inject and execute malicious code. No...

Input validation

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM...

Siemens Sentron Powermanager Local Code Execution Vulnerability

Siemens Sentron Powermanager is a power management software from Siemens, a German company. A local code execution vulnerability exists in Siemens Sentron Powermanager, which stems from an affected application assigning incorrect access rights to a specific folder containing configuration files. ...