158 matches found
CVE-2022-46782
An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine...
CVE-2023-30618
Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values,...
CVE-2023-30618 Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform
Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values,...
Exploit for Improper Control of Dynamically-Managed Code Resources in Vm2_Project Vm2
Exploit-For-CVE-2022-36067 This repo contains payload for the...
CVE-2021-42777
Stimulsoft aka Stimulsoft Reports 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C code on any machine that renders a report, including the application server or a user's local machine, as demonstrated by System.Diagnostics.Process.Start...
CVE-2021-44425
An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the Anydesk Windows client when using the tunneling feature, allows the attacker unauthorized access to the local machine's AnyDesk...
CVE-2022-0852
There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the...
CVE-2022-0852
There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the...
CVE-2022-0851
There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line v...
Security Bulletin: IBM Tivoli Storage Manager FastBack Mount Remote Code Execution Vulnerability (CVE-2015-0119)
Summary IBM Tivoli Storage Manager FastBack Mount might be vulnerable to remote code execution from the network or local machine. Vulnerability Details CVEID: CVE-2015-0119 DESCRIPTION: The Mount from IBM Tivoli Storage Manager FastBack 6.1.11 and earlier versions might be vulnerable to remote co...
Security Bulletin: IBM Tivoli Storage Manager FastBack Mount Buffer Overflow (CVE-2015-0120)
Summary IBM Tivoli Storage Manager FastBack Mount might be vulnerable to buffer overflow from the network or local machine. Vulnerability Details CVEID: CVE-2015-0120 DESCRIPTION: The Mount from IBM Tivoli Storage Manager FastBack 6.1.11 and earlier versions might be vulnerable to buffer overflow...
CVE-2022-25089
Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEYLOCALMACHINE via UITasks.PersistentRegistryData...
CVE-2022-22727
A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user�s local machine when the user clicks a specially crafted link. Affected Product: EcoStruxure Power...
DonPAPI - Dumping DPAPI Credz Remotely
Dumping revelant information on compromised targets without AV detection DPAPI dumping Lots of credentials are protected by DPAPI. We aim at locating those "secured" credentials, and retreive them using : User password Domaine DPAPI BackupKey Local machine DPAPI Key protecting TaskScheduled blob...
CVE-2021-28581
Adobe Creative Cloud Desktop 3.5 and earlier is affected by an uncontrolled search path vulnerability that could result in elevation of privileges. Exploitation of this issue requires user interaction in that a victim must log on to the attacker's local machine...
CVE-2021-28581 Adobe Creative Cloud Desktop uncontrolled search path element vulnerability could lead to local privilege escalation
Adobe Creative Cloud Desktop 3.5 and earlier is affected by an uncontrolled search path vulnerability that could result in elevation of privileges. Exploitation of this issue requires user interaction in that a victim must log on to the attacker's local machine...
CVE-2021-22153
A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM versions 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim’s local machine with the authority of th...
Mozilla: More internal network hosts could have been probed by a malicious webpage
Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox 85...
Mozilla: More internal network hosts could have been probed by a malicious webpage
Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox 85...
Remote Code Execution (RCE)
firefox-esr / thunderbird is vulnerable to remote code execution. When a user is surfing a malicious webpage, it could scanned both an internal network’s hosts as well as services running on the user’s local machine utilizing WebRTC connections...