548 matches found
CVE-2023-34407
OfflinePlayerService.exe in Harbinger Offline Player 4.0.6.0.2 allows directory traversal as LocalSystem via ..\ in a URL...
CVE-2023-34407
OfflinePlayerService.exe in Harbinger Offline Player 4.0.6.0.2 allows directory traversal as LocalSystem via ..\ in a URL...
Directory traversal
OfflinePlayerService.exe in Harbinger Offline Player 4.0.6.0.2 allows directory traversal as LocalSystem via ..\ in a URL...
PT-2023-24859 · Unknown · Harbinger Offline Player
Name of the Vulnerable Software and Affected Versions: Harbinger Offline Player version 4.0.6.0.2 Description: The issue allows directory traversal as LocalSystem via .. in a URL. This can be exploited in OfflinePlayerService.exe. Recommendations: For Harbinger Offline Player version 4.0.6.0.2,...
CVE-2023-34407
The CVE-2023-34407 entry affects Harbinger Offline Player 4.0.6.0.2, specifically OfflinePlayerService.exe, which allows directory traversal via ..\ in a URL. Reported impact is confidentiality loss (C: High) with no impact to integrity or availability, and CVSSv3.1 base score 7.5 (NETWORK, LOW c...
CVE-2023-34407
OfflinePlayerService.exe in Harbinger Offline Player 4.0.6.0.2 allows directory traversal as LocalSystem via ..\ in a URL...
File Replication Pro 7.5.0 - Privilege Escalation/Password reset due Incorrect Access Control
Exploit Title: File Replication Pro 7.5.0 - Privilege Escalation/Password reset due Incorrect Access Control Date: 2023-04-13 Exploit Author: Andrea Intilangelo Vendor Homepage: http://www.diasoft.net - https://www.filereplicationpro.com Software Link:...
CVE-2023-26918
Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:F access...
CVE-2023-26918
Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:F access...
File Replication Pro 7.5.0 Insecure Permissions / Privilege Escalation
Exploit Title: File Replication Pro 7.5.0 - Password disclosure/reset & PrivEsc due Incorrect Access Control Date: 2023-04-13 Exploit Author: Andrea Intilangelo Vendor Homepage: http://www.diasoft.net - https://www.filereplicationpro.com Software Link:...
PT-2023-20846 · Diasoft · Diasoft File Replication Pro
Name of the Vulnerable Software and Affected Versions: Diasoft File Replication Pro version 7.5.0 Description: The issue allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because the directory...
ESET Service 16.0.26.0 - 'Service ekrn' Unquoted Service Path
Exploit Title: ESET Service 16.0.26.0 - 'Service ekrn' Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Exploit Date: 2023-04-05 Vendor : https://www.eset.com Version : 16.0.26.0 Tested on OS: Microsoft Windows 11 pro x64 PoC : ============== C:\sc qc ekrn SC QueryServiceConfig SUCCE...
Gestionale Open 12.00.00 Unquoted Service Path
Exploit Title: Gestionale Open 12.00.00 - 'DBGO80' Unquoted Service Path Exploit by: Luis Martinez Discovery Date: 2022-10-05 Vendor Homepage: https://www.gestionaleopen.org/ Software Link : https://www.gestionaleopen.org/download/ Tested Version: 12.00.00 Vulnerability Type: Unquoted Service Pat...
Zabbix Agent 6.2.7 Insecure Permissions / Privilege Escalation Vulnerabilities
Zabbix Agent and Zabbix Agent 2 versions 6.2.7 and below suffer from an issue where it does not secure the permissions on a non-default installation directory, allowing an attacker to place a malicious executable to escalate privileges. Exploit Title: Zabbix agents - Insecure Permissions on...
CVE-2022-38777
An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account...
Elastic Endpoint Security 安全漏洞
Elastic Endpoint Security is a suite of endpoint security solutions from Elastic. A security vulnerability exists in Elastic Endpoint Security for Windows. An attacker exploited the vulnerability to elevate its privileges to those of the LocalSystem account...
CVE-2022-38777
An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account...
CVE-2022-38774
An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account...
CVE-2022-38775
An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account...
PT-2023-13651 · Elastic · Endpoint Security +1
Name of the Vulnerable Software and Affected Versions: Elastic Endpoint Security and Elastic Endgame for Windows affected versions not specified Description: An issue was discovered in the quarantine feature, which could allow unprivileged users to elevate their privileges to those of the...