MobileTrans 4.0.11 Weak Service Permissions

Vendor Name: MobileTrans Product Name: MobileTrans Vendor Home Page: https://mobiletrans.wondershare.com/ Affected Versions: MobileTrans version 4.0.11 Vulnerability Type: Weak Service Permissions CWE-276 CVE Reference: CVE-2023-31748 Security Researcher: Thurein Soe Vulnerability description:...

K35195140: BIG-IQ Access Manager role vulnerability CVE-2017-6152

Security Advisory Description A local BIG-IQ user with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password. CVE-2017-6152 Impact This vulnerability allows increased privileges for user accounts with the Access...

Information disclosure

An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agen...

CVE-2022-4429

Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78...

Code injection

Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78...

SAP Host Agent 访问控制错误漏洞

SAP Host Agent is a set of agent programs from SAP that supports a number of lifecycle management tasks such as operating system monitoring, database monitoring and system instance monitoring. An Access Control Error vulnerability exists in SAP Host Agent versions 7.21 and 7.22, which arises from...

VMware ESXi 7.0 / 8.0 Heap Out-of-bounds Write (VMSA-2022-0033)

VMware ESXi contain a heap out-of-bounds write vulnerability in the USB 2.0 controller EHCI. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. The exploitation is contained...

CVE-2022-32483

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable...

PT-2022-21338 · Dell · Dell Bios

Name of the Vulnerable Software and Affected Versions: Dell BIOS affected versions not specified Description: The issue is related to improper input validation. A local authenticated malicious user with admin privileges may potentially exploit this to modify a UEFI variable. Recommendations: At t...

CVE-2022-31223

Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system...

CVE-2022-0486

Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is...

CVE-2022-0997

Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected script files, which could result in arbitrary commands being run as root upon subsequent logon by a...

Miele Benchmark Programming Tool 1.1.49 / 1.2.71 Privilege Escalation

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Privilege Escalation product: Miele Benchmark Programming Tool vulnerable version: at least 1.1.49 and 1.2.71 fixed version: 1.2.72 CVE number: CVE-2022-22521 impact:...

ADReaper - A Fast Enumeration Tool For Windows Active Directory Pentesting Written In Go

ADReaper is a tool written in Golang which enumerate a Active Directory environment with LDAP queries within few seconds. Installation You can download precompiled executable binaries for Windows/Linux from latest releases Install from source To build from source, clone the repo and build it with...

PT-2022-16212 · Hewlett Packard · Hpe Superdome Flex 280 Server +1

Name of the Vulnerable Software and Affected Versions: HPE Superdome Flex Server versions prior to 3.50.58 HPE Superdome Flex 280 Server versions prior to 1.20.204 Description: A potential security issue has been identified that could allow a user with Administrator access to escalate their...

CVE-2021-36290

Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges...

CVE-2021-36290

Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges...

CVE-2022-22560

Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline...

CVE-2021-25269

A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention...

CVE-2021-25269

CVE-2021-25269 describes a local unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced (and Advanced for Server) prior to 2.0.23, and Sophos Exploit Prevention prior to 3.8.3. This could allow a local administrator to prevent the HMPA service from starting despi...