1065 matches found
Directory Traversal
nagvis is vulnerable to directory traversal. The vulnerability exists due to lack of sanitization of authentication when accessing the directory path allowing an attacker to delete files on the local system...
kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode
A denial of service in the kernel side of the FUSE functionality can allow a local system to create a denial of service...
Mozilla Firefox Security Advisory (MFSA2013-83) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Microsoft Windows DNS Server Remote Code Execution Vulnerability
Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed...
Dynojet Power Core 2.3.0 - Unquoted Service Path Vulnerability
Exploit Title: Dynojet Power Core 2.3.0 - Unquoted Service Path Exploit Author: Pedro Sousa Rodrigues https://www.0x90.zone/ / @PedroSECR Version: 2.3.0 Build 303 Vendor Homepage: https://www.dynojet.com/ Software Link: https://docs.dynojet.com/Document/18762 Tested on: Windows 10 Version 21H1 OS...
Dynojet Power Core 2.3.0 Unquoted Service Path
Exploit Title: Dynojet Power Core 2.3.0 - Unquoted Service Path Exploit Author: Pedro Sousa Rodrigues https://www.0x90.zone/ / @PedroSECR Version: 2.3.0 Build 303 Date: 30.10.2021 Vendor Homepage: https://www.dynojet.com/ Software Link: https://docs.dynojet.com/Document/18762 Tested on: Windows 1...
CVE-2021-37364
OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would...
CVE-2021-37363
An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in bin folder and replace with a malicious file that would connect back to an attacking computer giving system level privileges nt authority\system due to the...
Path traversal
An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in bin folder and replace with a malicious file that would connect back to an attacking computer giving system level privileges nt authority\system due to the...
CVE-2021-37364
OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would...
CVE-2021-37363
An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in bin folder and replace with a malicious file that would connect back to an attacking computer giving system level privileges nt authority\system due to the...
CVE-2021-33178
The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to arbitrarily delete files on the local system...
CVE-2021-33178
The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to arbitrarily delete files on the local system...
Nagios 路径遍历漏洞
Nagios XI is an IT infrastructure monitoring solution from Nagios, Inc. The solution supports monitoring and alerting of applications, services, operating systems, etc. Nagvis versions prior to 2.0.9 have a security vulnerability that could allow an attacker to arbitrarily delete files on the loc...
CVE-2021-29645
Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system...
JP1/IT Desktop Management 2 安全漏洞
Hitachi JP1/IT Desktop Management 2 is an automated collection of various types of information from Hitachi, Japan Hitachi that allows you to manage it in one place. A security vulnerability exists in Hitachi JP1 IT Desktop Management that originates from a local privilege escalation vulnerabilit...
Nagios server-side request forgery vulnerability
Nagios is an open source, free network monitoring tool from Nagios, Inc. NagiosXI in version 5.8.4 has a server-side request forgery vulnerability, which stems from the product's failure to properly validate user input and could be exploited by an authenticated attacker to access internal resourc...
CVE-2021-37223
Nagios Enterprises NagiosXI = 5.8.4 contains a Server-Side Request Forgery SSRF vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be...
Server side request forgery (ssrf)
Nagios Enterprises NagiosXI = 5.8.4 contains a Server-Side Request Forgery SSRF vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be...
CVE-2021-35312
A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable "RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it with a malicious file that will be executed with "LocalSystem" privileges...