1071 matches found
CVE-2021-29645
Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system...
JP1/IT Desktop Management 2 Security Vulnerability
Hitachi JP1/IT Desktop Management 2 is a product from Hitachi (Japan) that automatically collects various types of information so that it can be managed in one place. A security vulnerability exists in Hitachi JP1 IT Desktop Management that originates from a local privilege escalation vulnerabilit...
Nagios server-side request forgery vulnerability
Nagios is an open source, free network monitoring tool from Nagios, Inc. NagiosXI in version 5.8.4 has a server-side request forgery vulnerability, which stems from the product's failure to properly validate user input and could be exploited by an authenticated attacker to access internal resourc...
CVE-2021-37223
Nagios Enterprises NagiosXI = 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be...
Server side request forgery (ssrf)
Nagios Enterprises NagiosXI = 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be...
CVE-2021-35312
A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable "RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it with a malicious file that will be executed with "LocalSystem" privileges...
WinWaste.NET Security Vulnerability
WinWaste.NET is an open source waste management software. A security vulnerability exists in WinWaste.NET version 1.0.6183.16475, which can be exploited by a local, unprivileged attacker to replace an executable file with a malicious file executed with LocalSystem privileges...
CVE-2021-1527 Cisco Webex Player Memory Corruption Vulnerability
A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to cause the affected software to terminate or to gain access to memory state information that is related to the vulnerable application. The vulnerability is due to insufficient validation of values in Webex...
CVE-2021-1526 Cisco Webex Player Memory Corruption Vulnerability
A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. This vulnerability is due to insufficient validation of values in Webex recording files that are in Webex Recording Format (WRF). An attacker could exploit this...
CVE-2021-1503 Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability
A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. This vulnerability is due to insufficient validation of values in Webex recording files that are in...
Exploit for Exposed IOCTL with Insufficient Access Control in Dell Dbutil
CVE-2021-21551 Simple PoC for exploiting CVE-2021-21551 for LP...
Splinterware System Scheduler Professional 5.30 Unquoted Service Path
Exploit Title: Splinterware System Scheduler Professional 5.30 - Unquoted Service Path Date: 2021-05-11 Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.splinterware.com Software Link: https://www.splinterware.com/download/ssproeval.exe Version: 5.30 Professional Tested on: Windows...
Splinterware System Scheduler Professional 5.30 - Unquoted Service Path
Exploit Title: Splinterware System Scheduler Professional 5.30 - Unquoted Service Path Date: 2021-05-11 Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.splinterware.com Software Link: https://www.splinterware.com/download/ssproeval.exe Version: 5.30 Professional Tested on: Windows...
CVE-2021-1530 Cisco BroadWorks Messaging Server XML External Entity Injection Vulnerability
A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote attacker to access sensitive information or cause a partial denial of service (DoS) condition on an affected system. This vulnerability is due to improper handlin...
CVE-2021-29221
A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute...
Erlang/OTP Code Issue Vulnerability
erlang/otp is a personal developer of a library written in JavaScript to handle exceptions. The library catches exceptions raised by the node.js built-in API. A security vulnerability exists in Erlang/OTP version 23.2.3 and earlier versions, which can be exploited to hijack the account o...
BRAdmin Professional 3.75 - (BRA_Scheduler) Unquoted Service Path Vulnerability
Exploit Title: BRAdmin Professional 3.75 - 'BRAScheduler' Unquoted Service Path Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://global.brother/ Software Link: https://support.brother.com/g/b/downloadend.aspx?c=us&lang=en&prod=hls7000dnuseuas&os=10013&dlid=dlf005042000&flang=4&type3=...
BRAdmin Professional 3.75 Unquoted Service Path
Exploit Title: BRAdmin Professional 3.75 - 'BRAScheduler' Unquoted Service Path Date: 2021-03-17 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://global.brother/ Software Link:...
BRAdmin Professional 3.75 - 'BRA_Scheduler' Unquoted Service Path
Exploit Title: BRAdmin Professional 3.75 - 'BRAScheduler' Unquoted Service Path Date: 2021-03-17 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://global.brother/ Software Link:...