1065 matches found
CVE-2021-42255
AppGuard Enterprise before 6.7.100.1 creates a Temporary File in a Directory with Insecure Permissions. Local users can gain SYSTEM privileges because a repair operation relies on the %TEMP% directory of an unprivileged user...
CVE-2022-20075
In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05838808; Issue ID: ALPS05838808...
CVE-2022-1030
Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute...
Sysax FTP Automation 6.9.0 Privilege Escalation
Exploit Author: bzyo @bzyo Exploit Title: Sysax FTP Automation 6.9.0 - Privilege Escalation Date: 03-20-2022 Vulnerable Software: Sysax FTP Automation 6.9.0 Vendor Homepage: https://www.sysax.com/ Version: 6.9.0 Software Link: https://www.sysax.com/download/sysaxautosetup.msi Tested on: Windows 1...
Sysax FTP Automation 6.9.0 - Privilege Escalation Vulnerability
Exploit Author: bzyo @bzyo Exploit Title: Sysax FTP Automation 6.9.0 - Privilege Escalation Vulnerable Software: Sysax FTP Automation 6.9.0 Vendor Homepage: https://www.sysax.com/ Version: 6.9.0 Software Link: https://www.sysax.com/download/sysaxautosetup.msi Tested on: Windows 10 x64 Details:...
Sysax FTP Automation 6.9.0 - Privilege Escalation
Exploit Author: bzyo @bzyo Exploit Title: Sysax FTP Automation 6.9.0 - Privilege Escalation Date: 03-20-2022 Vulnerable Software: Sysax FTP Automation 6.9.0 Vendor Homepage: https://www.sysax.com/ Version: 6.9.0 Software Link: https://www.sysax.com/download/sysaxautosetup.msi Tested on: Windows 1...
CVE-2022-26503
Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges...
Deserialization of untrusted data
Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges...
CVE-2022-26503
CVE-2022-26503 affects Veeam Agent for Windows (2.x–5.x). Deserialization of untrusted data allows a local attacker to execute arbitrary code with LOCAL SYSTEM privileges. Root cause: improper handling of serialized data in the Veeam Agent service over the Windows port (per Red Hat/NVD entries). ...
CVE-2022-26503
Challenge: Vulnerability CVE-2022-26503 in Veeam Agent for Microsoft Windows allows local privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code with LOCAL SYSTEM privileges. Severity: High. CVSS v3 score: 7.8. Cause: Veeam Agent for Microsoft Windo...
otris Update Manager Authorization Issue Vulnerability
otris Update Manager is used by otris for compliance digitization. A security vulnerability exists in otris Update Manager 1.2.1.0 that allows local users to gain access to SYSTEM via unauthenticated calls and allows remote attacks on HTTP traffic on TCP port 9000 using WsHTTPBinding...
CVE-2022-24716
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials. This issue has been resolv...
Atlassian Confluence Server Privilege Escalation Vulnerability
Atlassian Confluence Server is a server version of Atlassian Australia's suite of collaborative software with enterprise knowledge management capabilities and support for building enterprise wikis. An elevation of privilege vulnerability exists in Atlassian Confluence Server, which stems from an...
CVE-2022-20035
In vcu driver, there is a possible information disclosure due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171675; Issue ID: ALPS06171675...
CVE-2021-40363
CVE-2021-40363 affects Siemens SIMATIC PCS 7 and WinCC products. The underlying issue is that the affected component stores local system account credentials in a publicly accessible project file using an outdated cipher algorithm, enabling an attacker to brute-force credentials and take over the ...
Nimforum Path Traversal Vulnerability
Nimforum is a lightweight forum implementation that shares many similarities with Discourse. It is implemented in the Nim programming language and uses SQLite as its database. Nimforum suffers from a path traversal vulnerability, which arises from the fact that any forum user can create a post...
Citrix ADC upgrade operations might cause login failure for local system user accounts
Any of the following Citrix ADC upgrade operations might cause login failure for local system user accounts: from Citrix ADC 13.0-83.x build or later builds to Citrix ADC 13.1-4.x build; from Citrix ADC 12.1-63.x build or later builds to Citrix ADC 13.1-4.x build; from Citrix ADC 12.1-63.x build or late...
CVE-2021-45337
Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges to gain elevated privileges by "hollowing" the process wscproxy.exe, which could lead to acquiring antimalware (AM-PPL) protection...
Keybase Security Vulnerability
Keybase is a social networking platform that supports end-to-end encryption based on PGP technology. A security vulnerability in the Windows version of the Keybase client prior to version 5.6.0 can be exploited by malicious actors with write access to a user's Git repository to execute arbitrary...