
4828 matches found

CVE
added 2020/04/02 7:55 a.m. · 567 views

CVE-2020-8015

CVE-2020-8015 is a local privilege-escalation in Exim packaging affecting openSUSE Factory exim versions prior to 4.93.0.4-3.1. The issue allows escalation from the mail user to root via a UNIX symbolic link (Symlink) following vulnerability. Remediation is to upgrade to Exim 4.93.0.4 or newer; S...

8.4 CVSS · 7.7 AI score · 0.00528 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2020/03/25 12:0 a.m. · 3 views

PT-2020-12395 · Tp Link · Tp-Link Archer A7

Name of the Vulnerable Software and Affected Versions: TP-Link Archer A7 Firmware version 190726 Description: This issue allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 routers. An attacker must first obtain the ability to execute low-privileged code o...

7.8 CVSS · 5.7 AI score · 0.05898 EPSS
Exploits: 4 · References: 6

CVE
added 2020/03/24 9:4 p.m. · 49 views

CVE-2019-4001

CVE-2019-4001 affects Druva inSync Client 6.5.0. The issue is an improper input validation vulnerability that allows a local, authenticated attacker to execute arbitrary NodeJS code. Root cause and detailed exploit steps are not provided in the connected documents. The CVSS metrics indicate a loc...

7.8 CVSS · 7.7 AI score · 0.00566 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Exploit DB
added 2020/03/23 12:0 a.m. · 271 views

CyberArk PSMP 10.9.1 - Policy Restriction Bypass

Exploit Title: CyberArk PSMP 10.9.1 - Policy Restriction Bypass Google Dork: NA Date: 2020-02-25 Exploit Author: LAHBAL Said Vendor Homepage: https://www.cyberark.com/ Software Link: https://www.cyberark.com/ Version: PSMP = 11.1 Prerequisites Policy allows us to overwrite PSMRemoteMachine...

7.4 AI score
Exploits: 0

Positive Technologies
added 2020/03/18 12:0 a.m. · 2 views

PT-2020-1931 · Cisco · Cisco Sd-Wan Solution

Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN Solution software affected versions not specified Description: A vulnerability in the software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system due to insufficient inpu...

7.8 CVSS · 6.6 AI score · 0.00383 EPSS
Exploits: 0 · References: 3

Zero Day Initiative
added 2020/03/13 12:0 a.m. · 27 views

Parallels Desktop OS X Host Kernel Module Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the IOCTL handler...

6.5 CVSS · 2.2 AI score · 0.00507 EPSS
Exploits: 0

ATTACKERKB
added 2020/03/12 6:15 p.m. · 2 views

CVE-2020-0505

Improper conditions check in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure and denial of service via local...

6.1 CVSS · 5.3 AI score · 0.00362 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

Tenable Nessus
added 2020/03/11 12:0 a.m. · 23 views

Cisco Adaptive Security Appliance (ASA) Software Command Injection Vulnerability (cisco-sa-20200226-fxos-ucs-cli-cmdinj)

According to its self-reported version, Cisco ASA Software is affected by a command injection vulnerability within the local management (local-mgmt) CLI of Cisco ASA Software due to insufficient input validation. An authenticated, local attacker can exploit this to execute arbitrary commands on the...

7.8 CVSS · 7.8 AI score · 0.00484 EPSS
Exploits: 0 · References: 3

NVD
added 2020/03/10 9:15 p.m. · 23 views

CVE-2020-6208

SAP Business Objects Business Intelligence Platform Crystal Reports, versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution...

8.2 CVSS · 7.9 AI score · 0.0114 EPSS
Exploits: 0 · References: 3

OSV
added 2020/03/10 9:15 p.m. · 2 views

CVE-2020-6208

SAP Business Objects Business Intelligence Platform Crystal Reports, versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution...

8.2 CVSS · 7.2 AI score · 0.0114 EPSS
Exploits: 0 · References: 3

Prion
added 2020/03/10 9:15 p.m. · 21 views

Design/Logic Flaw

SAP Business Objects Business Intelligence Platform Crystal Reports, versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution...

4.4 CVSS · 8.3 AI score · 0.0114 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Microsoft CVE
added 2020/03/10 7:0 a.m. · 27 views

Windows Graphics Component Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability b...

7.8 CVSS · 3.3 AI score · 0.00857 EPSS
Exploits: 0

Microsoft CVE
added 2020/03/10 7:0 a.m. · 23 views

Windows Graphics Component Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability b...

7.8 CVSS · 3.3 AI score · 0.01092 EPSS
Exploits: 0

Positive Technologies
added 2020/02/26 12:0 a.m. · 5 views

PT-2020-1990 · Cisco +1 · Cisco Fxos +1

Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software affected versions not specified Description: A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a...

7.2 CVSS · 6.8 AI score · 0.00445 EPSS
Exploits: 0 · References: 5

ATTACKERKB
added 2020/02/21 12:0 a.m. · 45 views

CVE-2020-6841

D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. Recent assessments: kevthehermit at February 22, 2020 10:59pm UTC reported: This analysis is a transcript of a public gist –...

10 CVSS · 1.1 AI score · 0.02811 EPSS
Exploits: 1 · References: 3

OSV
added 2020/02/18 2:6 p.m. · 1 views

SUSE-SU-2019:2820-2 Security update for dbus-1

This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832)...

7.1 CVSS · 6.9 AI score · 0.00555 EPSS
Exploits: 0 · References: 3

0day.today
added 2020/02/13 12:0 a.m. · 63 views

OpenTFTP 1.66 - Local Privilege Escalation Vulnerability

Exploit Title: OpenTFTP 1.66 - Local Privilege Escalation Exploit Author: boku Vendor Homepage: https://sourceforge.net/projects/tftp-server/ Software Link: https://sourceforge.net/projects/tftp-server/files/tftp%20server%20single%20port/OpenTFTPServerSPInstallerV1.66.exe/download Version: 1.66...

0.6 AI score
Exploits: 0

Microsoft CVE
added 2020/02/11 8:0 a.m. · 22 views

Windows Graphics Component Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability b...

8.8 CVSS · 3.3 AI score · 0.01297 EPSS
Exploits: 0

Microsoft CVE
added 2020/02/11 8:0 a.m. · 21 views

Windows Graphics Component Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability b...

7.8 CVSS · 3.3 AI score · 0.00962 EPSS
Exploits: 0

CNVD
added 2020/02/06 12:0 a.m. · 2 views

Code Execution Vulnerability in IBM SDK Java Technology Edition

IBM SDK, Java Technology Edition is a software development kit for Java application development from IBM, USA. A security vulnerability exists in IBM SDK Java Technology Edition versions 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0. A local attacker could explo...

7.2 CVSS · 9 AI score · 0.00561 EPSS
Exploits: 0 · References: 1