1071 matches found

OSV
added 2022/02/09 11:15 p.m., 5 views

CVE-2022-20035

In vcu driver, there is a possible information disclosure due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171675; Issue ID: ALPS06171675...

4.4 CVSS | 5.9 AI score | 0.00118 EPSS
Exploits 0 | References 1
CVE
added 2022/02/09 3:17 p.m., 116 views

CVE-2021-40363

CVE-2021-40363 affects Siemens SIMATIC PCS 7 and WinCC products. The underlying issue is that the affected component stores local system account credentials in a publicly accessible project file using an outdated cipher algorithm, enabling an attacker to brute-force credentials and take over the ...

7.8 CVSS | 7.3 AI score | 0.00157 EPSS
Exploits 0 | References 1 | Affected Software 2
CNNVD
added 2022/02/01 12:0 a.m., 3 views

Nimforum Path Traversal Vulnerability

Nimforum is a lightweight forum implementation that shares many similarities with Discourse. It is implemented in the Nim programming language and uses SQLite as its database. Nimforum suffers from a path traversal vulnerability, which arises from the fact that any forum user can create a post...

8.1 CVSS | 7.8 AI score | 0.01323 EPSS
Exploits 1 | References 3
Citrix
added 2021/12/31 12:0 a.m., 6 views

Citrix ADC upgrade operations might cause login failure for local system user accounts

Any of the following Citrix ADC upgrade operations might cause login failure for local system user accounts: from Citrix ADC 13.0-83.x build or later builds to Citrix ADC 13.1-4.x build; from Citrix ADC 12.1-63.x build or later builds to Citrix ADC 13.1-4.x build; from Citrix ADC 12.1-63.x build or late...

7.1 AI score
Exploits 0
OSV
added 2021/12/27 2:15 p.m., 4 views

CVE-2021-45337

Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges to gain elevated privileges by "hollowing" process wscproxy.exe which could lead to acquire antimalware AM-PPL protection...

8.8 CVSS | 5.8 AI score | 0.00433 EPSS
Exploits 1 | References 2
CNNVD
added 2021/12/14 12:0 a.m., 2 views

Keybase Security Vulnerability

Keybase is a social networking platform that supports end-to-end encryption based on PGP technology. A security vulnerability in the Windows version of the Keybase client prior to version 5.6.0 can be exploited by malicious actors with write access to a user's Git repository to execute arbitrary...

7.8 CVSS | 7.8 AI score | 0.00239 EPSS
Exploits 0 | References 1
Veracode
added 2021/12/13 11:0 p.m., 20 views

Directory Traversal

nagvis is vulnerable to directory traversal. The vulnerability exists due to lack of sanitization of authentication when accessing the directory path allowing an attacker to delete files on the local system...

6.5 CVSS | 4.9 AI score | 0.01807 EPSS
Exploits 0 | References 3 | Affected Software 1
RedHat Linux
added 2021/11/15 11:19 a.m., 6 views

kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode

A denial of service in the kernel side of the FUSE functionality can allow a local system to create a denial of service...

5.5 CVSS | 6.7 AI score | 0.0036 EPSS
Exploits 0 | References 4
OpenVAS
added 2021/11/11 12:0 a.m., 15 views

Mozilla Firefox Security Advisory (MFSA2013-83) - Linux

This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...

6.2 CVSS | 6.4 AI score | 0.00335 EPSS
Exploits 0 | References 3
CISA KEV Catalog
added 2021/11/03 12:0 a.m., 24 views

Microsoft Windows DNS Server Remote Code Execution Vulnerability

Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed...

10 CVSS | 9.3 AI score | 0.92178 EPSS
In wild | Exploits 21
Packet Storm
added 2021/11/02 12:0 a.m., 335 views

Dynojet Power Core 2.3.0 Unquoted Service Path

Exploit Title: Dynojet Power Core 2.3.0 - Unquoted Service Path Exploit Author: Pedro Sousa Rodrigues https://www.0x90.zone/ / @PedroSECR Version: 2.3.0 Build 303 Date: 30.10.2021 Vendor Homepage: https://www.dynojet.com/ Software Link: https://docs.dynojet.com/Document/18762 Tested on: Windows 1...

7.1 AI score
Exploits 0
0day.today
added 2021/11/02 12:0 a.m., 330 views

Dynojet Power Core 2.3.0 - Unquoted Service Path Vulnerability

Exploit Title: Dynojet Power Core 2.3.0 - Unquoted Service Path Exploit Author: Pedro Sousa Rodrigues https://www.0x90.zone/ / @PedroSECR Version: 2.3.0 Build 303 Vendor Homepage: https://www.dynojet.com/ Software Link: https://docs.dynojet.com/Document/18762 Tested on: Windows 10 Version 21H1 OS...

7.4 AI score
Exploits 0
NVD
added 2021/10/26 2:15 p.m., 8 views

CVE-2021-37363

An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in bin folder and replace with a malicious file that would connect back to an attacking computer giving system level privileges nt authority\system due to the...

9.3 CVSS | 0.01566 EPSS
Exploits 1 | References 2
NVD
added 2021/10/26 2:15 p.m., 16 views

CVE-2021-37364

OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would...

9.3 CVSS | 0.01276 EPSS
Exploits 0 | References 3
Prion
added 2021/10/26 2:15 p.m., 18 views

Path traversal

An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in bin folder and replace with a malicious file that would connect back to an attacking computer giving system level privileges nt authority\system due to the...

9.3 CVSS | 7.6 AI score | 0.01566 EPSS
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2021/10/26 1:23 p.m., 13 views

CVE-2021-37364

OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would...

8.4 AI score | 0.01276 EPSS
Exploits 0 | References 3
Cvelist
added 2021/10/26 1:20 p.m., 13 views

CVE-2021-37363

An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in bin folder and replace with a malicious file that would connect back to an attacking computer giving system level privileges nt authority\system due to the...

8.4 AI score | 0.01566 EPSS
Exploits 1 | References 2
Cvelist
added 2021/10/14 2:56 p.m., 15 views

CVE-2021-33178

The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to arbitrarily delete files on the local system...

6.4 AI score | 0.01807 EPSS
Exploits 0 | References 2
Debian CVE
added 2021/10/14 2:56 p.m., 20 views

CVE-2021-33178

The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to arbitrarily delete files on the local system...

8.5 CVSS | 5.3 AI score | 0.01807 EPSS
Exploits 0
CNNVD
added 2021/10/14 12:0 a.m., 3 views

Nagios Path Traversal Vulnerability

Nagios XI is an IT infrastructure monitoring solution from Nagios, Inc. The solution supports monitoring and alerting of applications, services, operating systems, etc. Nagvis versions prior to 2.0.9 have a security vulnerability that could allow an attacker to arbitrarily delete files on the loc...

8.5 CVSS | 5.7 AI score | 0.01807 EPSS
Exploits 0 | References 3