WinWaste.NET Security Vulnerability
WinWaste.NET is an open source waste management software. A security vulnerability exists in WinWaste.NET version 1.0.6183.16475, which can be exploited by a local, unprivileged attacker to replace an executable file with a malicious file executed with LocalSystem privileges...
CVE-2021-1527 Cisco Webex Player Memory Corruption Vulnerability
A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to cause the affected software to terminate or to gain access to memory state information that is related to the vulnerable application. The vulnerability is due to insufficient validation of values in Webex...
CVE-2021-1526 Cisco Webex Player Memory Corruption Vulnerability
A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. This vulnerability is due to insufficient validation of values in Webex recording files that are in Webex Recording Format (WRF). An attacker could exploit this...
CVE-2021-1503 Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability
A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. This vulnerability is due to insufficient validation of values in Webex recording files that are in...
Exploit for Exposed IOCTL with Insufficient Access Control in Dell Dbutil
CVE-2021-21551 Simple PoC for exploiting CVE-2021-21551 for LP...
Splinterware System Scheduler Professional 5.30 - Unquoted Service Path
Exploit Title: Splinterware System Scheduler Professional 5.30 - Unquoted Service Path Date: 2021-05-11 Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.splinterware.com Software Link: https://www.splinterware.com/download/ssproeval.exe Version: 5.30 Professional Tested on: Windows...
Splinterware System Scheduler Professional 5.30 Unquoted Service Path
Exploit Title: Splinterware System Scheduler Professional 5.30 - Unquoted Service Path Date: 2021-05-11 Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.splinterware.com Software Link: https://www.splinterware.com/download/ssproeval.exe Version: 5.30 Professional Tested on: Windows...
CVE-2021-1530 Cisco BroadWorks Messaging Server XML External Entity Injection Vulnerability
A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote attacker to access sensitive information or cause a partial denial of service (DoS) condition on an affected system. This vulnerability is due to improper handlin...
CVE-2021-29221
A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute...
Erlang/OTP Code Issue Vulnerability
erlang/otp is a personal developer of a library written in JavaScript to handle exceptions. The library catches exceptions raised by the node.js built-in API. A security vulnerability exists in Erlang/OTP version 23.2.3 and earlier versions, which can be exploited to hijack the account o...
BRAdmin Professional 3.75 - (BRA_Scheduler) Unquoted Service Path Vulnerability
Exploit Title: BRAdmin Professional 3.75 - 'BRAScheduler' Unquoted Service Path Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://global.brother/ Software Link: https://support.brother.com/g/b/downloadend.aspx?c=us&lang=en&prod=hls7000dnuseuas&os=10013&dlid=dlf005042000&flang=4&type3=...
BRAdmin Professional 3.75 Unquoted Service Path
Exploit Title: BRAdmin Professional 3.75 - 'BRAScheduler' Unquoted Service Path Date: 2021-03-17 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://global.brother/ Software Link:...
BRAdmin Professional 3.75 - 'BRA_Scheduler' Unquoted Service Path
Exploit Title: BRAdmin Professional 3.75 - 'BRAScheduler' Unquoted Service Path Date: 2021-03-17 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://global.brother/ Software Link:...
CVE-2021-26897
Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895. Recent assessments: architect00 at April 14, 2021 6:08am UTC reported: Vulnerability Overview 0patch released a blog article about their micro patch...
Information Disclosure
com.squareup, connect is vulnerable to information disclosure. The vulnerability exists due to the shared system temporary directory, allowing contents of the file downloaded by downloadFileFromResponse to be visible to all other users on the local system...
NVIDIA Windows GPU Display Driver (January 2021)
A display driver installed on the remote Windows host is affected by multiple vulnerabilities: - NVIDIA GPU Display Driver contains a vulnerability in the NVIDIA Control Panel component, in which an attacker with local system access can corrupt a system file, which may lead to denial of service o...
CVE-2019-18643
Rock RMS versions before 8.10 and versions 9.0 through 9.3 fail to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to uplo...
The vulnerabilities of the information protection systems Secret Net and Secret Net Studio allow attackers to disrupt the proper functioning of information protection systems, potentially bypassing certain security components.
The vulnerability of the kernel driver sncc0.sys of the Secret Net information protection system and Secret Net Studio relates to the ability to obtain information and affect internal objects such as a list of active protection components. Exploiting this vulnerability allows a malicious actor to...
Nanosystems Supremo Access Control Error Vulnerability
Nanosystems Supremo is a remote desktop management software from the Italian company Nanosystems. An access control error vulnerability exists in Nanosystems SupRemo version 4.1.3.2348, which originates from the ability to rename SupRemo .exe using a file manager, and then upload a Trojan horse...