548 matches found
CVE-2021-35312
A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable "RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it with a malicious file that will be executed with "LocalSystem" privileges...
CVE-2021-25276
In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files that include users' password hashes that is world readable and writable. An unprivileged Windows user having access to the server's filesystem can add an FTP user by copying a valid profile file to thi...
CVE-2020-25106
Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename...
CVE-2020-25094
LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default, the commands are run with LocalSystem...
CVE-2024-23847
Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...
CVE-2024-36246
Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...
CVE-2025-22447
Incorrect access permission of a specific service issue exists in RemoteView Agent for Windows versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege...
Multiple vulnerabilities in RemoteView Agent (for Windows)
Overview RemoteView allows a local PC to connect and control remote PCs through the cloud service provided by RSUPPORT Co.,Ltd. On the remote PCs should be installed RemoteView Agent. The following vulnerabilities are reported on RemoteView Agent installation. Incorrect access permission of a...
CVE-2025-22447
Incorrect access permission of a specific service issue exists in RemoteView Agent for Windows versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege...
CVE-2025-22447
CVE-2025-22447 affects RemoteView Agent (Windows) prior to version 8.1.5.2. The root cause is an incorrect access permission (CWE-276) on a specific service, enabling a non-administrative user on the remote PC to run arbitrary OS commands with LocalSystem privileges. The documented remediation is...
CVE-2025-22447
Incorrect access permission of a specific service issue exists in RemoteView Agent for Windows versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege...
CVE-2025-22447
Incorrect access permission of a specific service issue exists in RemoteView Agent for Windows versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege...
RSUPPORT RemoteView Agent 安全漏洞
RSUPPORT RemoteView Agent is a remote control agent program from RSUPPORT Japan. A security vulnerability exists in RSUPPORT RemoteView Agent versions prior to v8.1.5.2, which stems from incorrect access privileges to specific services, and could cause a non-administrative user to execute arbitra...
RSUPPORT RemoteView Agent 安全漏洞
RSUPPORT RemoteView Agent is a remote control agent program from RSUPPORT Japan. A security vulnerability exists in RSUPPORT RemoteView Agent versions prior to v8.1.5.2, which stems from incorrect access permissions to a specific folder, and could cause a non-administrative user to execute...
CVE-2020-15261
On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users both students and teachers usually don't have...
Genexus Protection Server 9.7.2.10 Unquoted Service Path
Exploit Title: Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path Service Path Exploit Author : SamAlucard Exploit Date: 2024-07-31 Vendor : Genexus Version : Genexus Protection Server 9.7.2.10 Software Link: https://www.genexus.com/en/developers/downloadcenter?data=;;...
Streamline NX Client < 3.4.3.2 / 3.5.x < 3.5.1.202 / 3.6.x < 3.6.2.2 / 3.7.x < 3.7.2.1 Privilege Escalation (2024-000005)
The version of Streamline NX Client installed on the remote host is prior to 3.4.3.2, 3.5.1.202, 3.6.2.2, or 3.7.2.1. It is, therefore, affected by a vulnerability as referenced in the 2024-000005 advisory. - Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 an...
CVE-2024-36480
Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and earlier. If this vulnerability is exploited, an attacker may obtain LocalSystem Account of the PC where the product is installed. As a result, unintended operations may be performed on the PC...
CVE-2024-36480
Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and earlier. If this vulnerability is exploited, an attacker may obtain LocalSystem Account of the PC where the product is installed. As a result, unintended operations may be performed on the PC...
CVE-2024-36480
Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and earlier. If this vulnerability is exploited, an attacker may obtain LocalSystem Account of the PC where the product is installed. As a result, unintended operations may be performed on the PC...