1065 matches found
SolarWinds Kiwi Syslog Server 8.3.52 Unquoted Service Path
Exploit Title: SolarWinds Kiwi Syslog Server 8.3.52 - 'Kiwi Syslog Server' Unquoted Service Path Date: 2019-11-08 Exploit Author: Carlos A Garcia R Vendor Homepage: https://www.kiwisyslog.com/ Software Link: https://www.kiwisyslog.com/downloads Version: 8.3.52 Tested on: Windows XP Professional...
SolarWinds Kiwi Syslog Server 8.3.52 - 'Kiwi Syslog Server' Unquoted Service Path
Exploit Title: SolarWinds Kiwi Syslog Server 8.3.52 - 'Kiwi Syslog Server' Unquoted Service Path Date: 2019-11-08 Exploit Author: Carlos A Garcia R Vendor Homepage: https://www.kiwisyslog.com/ Software Link: https://www.kiwisyslog.com/downloads Version: 8.3.52 Tested on: Windows XP Professional...
Security Bulletin: NVIDIA GeForce Experience - November 2019
NVIDIA has released a software security update for NVIDIA® GeForce Experience™. This update addresses issues that may lead to code execution, information disclosure, or denial of service. To protect your system, download and install this software update through the GeForce Experience Downloads...
Directory Traversal
xmppserver is vulnerable to directory traversal. Lack of validation of file names in the handleOtherRequest function in PluginServlet.java allows an attacker to retrieve local system files...
The vulnerability of the Redirected Drive Buffering System (rdbss.sys) in Windows operating systems allows a hacker to cause a service failure.
The vulnerability of the Redirected Drive Buffering System rdbss.sys in Windows operating systems relates to the handling of local system calls. Exploiting this vulnerability can allow an attacker to cause a service failure by launching a specially created application...
CVE-2019-3980
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run...
Design/Logic Flaw
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run...
CVE-2019-12711 Cisco Unified Communications Manager XML External Expansion Vulnerability
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition SME could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service DoS condition. The vulnerability ...
UBUNTU-CVE-2019-11753
The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the...
CVE-2019-11753
The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the...
CVE-2019-10882
The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack based buffer overflow in "doHandshakefromServer" function. Local users...
Microsoft Windows and Microsoft Windows Server Privilege Mobilization Vulnerability (CNVD-2019-31845)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. A privilege vulnerability exists in Microsoft Windows, which arises from a program's failu...
CVE-2018-18630
A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arbitrary code...
Windows ALPC Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call ALPC. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view...
CVE-2019-1929
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced...
Format string
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced...
Format string
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced...
CVE-2019-1926 Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced...
CVE-2019-1925 Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced...
CVE-2019-1010163
Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overflow - Local shell-code execution and Denial of Service. The impact is: Local privilege escalation dependant upon conditions, shell code execution and denial-of-service. The component is: pdmlog.dll library. The attack vector is...