48 matches found
Arbitrary File Write
LPRng is vulnerable to arbitrary file write. A local unauthenticated attacker could overwrite arbitrary files via a symbolic link attack on the /tmp/before file of the psbanner component...
Improper access control
Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system...
CVE-2020-5752
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges...
Druva inSync Windows Client Arbitrary OS Command Execution Vulnerability
Druva inSync Client is a lightweight application that manages data backups and allows collaboration with other users.Druva inSync Windows Client is for Windows. An arbitrary operating system command execution vulnerability exists in Druva inSync Windows Client 6.5.0. The vulnerability stems from...
OPENSUSE-SU-2019:1352-1 Security update for ovmf
This update for ovmf fixes the following issues: Security issue fixed: - CVE-2019-0161: Fixed a stack overflow in UsbBusDxe and UsbBusPei, which could potentially be triggered by a local unauthenticated user bsc1131361. This update was imported from the SUSE:SLE-15:Update update project...
SIPP 3.3 Stack-Based Overflow
Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: SIPP 3.3 is prone to a local unauthenticated stack-based overflow The vulnerability is due to an unproper filter of user supplied input while reading the configuration file and parsing the malicious...
CVE-2018-0100
A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of the XML External Entity XXE entries when...
Cisco Releases Multiple Security Advisories
Cisco has released three security advisories to address multiple vulnerabilities. These vulnerabilities may allow a local unauthenticated user to execute arbitrary commands with escalated privileges or cause a denial-of-service DoS condition. These vulnerabilities affect the following: Cisco...