1073 matches found
BRAdmin Professional 3.75 Unquoted Service Path
Exploit Title: BRAdmin Professional 3.75 - 'BRAScheduler' Unquoted Service Path Date: 2021-03-17 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://global.brother/ Software Link:...
BRAdmin Professional 3.75 - 'BRA_Scheduler' Unquoted Service Path
Exploit Title: BRAdmin Professional 3.75 - 'BRAScheduler' Unquoted Service Path Date: 2021-03-17 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://global.brother/ Software Link:...
CVE-2021-26897
Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895. Recent assessments: architect00 at April 14, 2021 6:08am UTC reported: Vulnerability Overview 0patch released a blog article about their micro patch...
Information Disclosure
com.squareup, connect is vulnerable to information disclosure. The vulnerability exists due to the shared system temporary directory, allowing contents of the file downloaded by downloadFileFromResponse to be visible to all other users on the local system...
NVIDIA Windows GPU Display Driver (January 2021)
A display driver installed on the remote Windows host is affected by multiple vulnerabilities: - NVIDIA GPU Display Driver contains a vulnerability in the NVIDIA Control Panel component, in which an attacker with local system access can corrupt a system file, which may lead to denial of service o...
CVE-2019-18643
Rock RMS versions before 8.10 and versions 9.0 through 9.3 fails to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to uplo...
The vulnerabilities of the information protection systems Secret Net and Secret Net Studio allow attackers to disrupt the proper functioning of information protection systems, potentially bypassing certain security components.
The vulnerability of the kernel driver sncc0.sys of the Secret Net information protection system and Secret Net Studio relates to the ability to obtain information and affect internal objects such as a list of active protection components. Exploiting this vulnerability allows a malicious actor to...
Nanosystems Supremo Access Control Error Vulnerability
Nanosystems Supremo is a remote desktop management software from the Italian company Nanosystems. An access control error vulnerability exists in Nanosystems SupRemo version 4.1.3.2348, which originates from the ability to rename SupRemo .exe using a file manager, and then upload a Trojan horse...
CVE-2020-25106
CVE-2020-25106 affects Nanosystems SupRemo 4.1.3.2348. When running as a service, File Manager can modify system-privileged files, allowing an attacker to rename Supremo.exe and upload a Trojan to achieve LocalSystem access. Vulnerable version: 4.1.3.2348. Fixed version: 4.2.0.2423. Exploitation ...
SUPREMO 4.1.3.2348 Privilege Escalation
Details ======= Subject: Local Privilege Escalation Product: SUPREMO by Nanosystems S.r.l. Vendor Homepage: https://www.supremocontrol.com/ Vendor Status: fixed version released Vulnerable Version: 4.1.3.2348 No other version was tested, but it is believed for the older versions to be also...
Realtek Andrea RT Filters 1.0.64.10 Unquoted Service Path
Exploit Title: Realtek Andrea RT Filters 1.0.64.10 - 'AERTSr64.EXE' Unquoted Service Path Discovery by: Erika Figueroa Discovery Date: 2020-11-07 Vendor Homepage: https://www.realtek.com/en/ Tested Version: 1.0.64.10 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 8.1 x64 es Step ...
NVIDIA GeForce Experience Denial of Service and Elevation of Privilege Vulnerability
NVIDIA GeForce Experience is graphics card driver update software that helps to check your computer's geforce drivers and update them to the latest version. A denial of service and elevation of privilege vulnerability exists in NVIDIA GeForce Experience versions prior to 3.20.5.70. The...
FruityWifi Elevation of Privilege Vulnerability
FruityWifi is a wireless network auditing tool. A security vulnerability exists in FruityWifi version 2.4 and prior versions, which stems from the presence of a fail-safe Sudo configuration ALL: ALL NOPASSWD: ALL. The vulnerability can be exploited by an attacker to perform a system-level root...
CVE-2020-24848
CVE-2020-24848 affects FruityWifi up to version 2.4, where an unsafe sudo configuration (ALL: ALL) NOPASSWD: ALL enables local root privilege escalation. This misconfiguration allows an attacker with local access to obtain full persistent control over the system. Publicly documented sources (incl...
CVE-2020-5978
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCALSYSTEM privileges which may lead to a denial of service or escalation of privileges...
VulnCheck KEV: CVE-2020-1350
Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed...
Vulnerabilities fixed in Acronis Cyber Backup and True Image
Acronis has fixed multiple vulnerabilities in Cyber Backup and True Image. A local malicious party could potentially exploit them to execute arbitrary code under SYSTEM privileges. To do this, a rogue file must be placed in a specific folder on the file system. Acronis has released updates to fix...
Input validation
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex...
Input validation
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex...
Input validation
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex...