3943 matches found
CVE-2019-6481
Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor Auth Bypass" attacks by using the "Perform a right-click operation to access a forgotten dev menu to insert user passwords that otherwise would require the user to accept a second-factor request in a mobile app." approach,...
CVE-2018-17494
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Start Menu. By visiting the kiosk and pressing the Windows key twice, an attacker could exploit this vulnerability to close the program and launch other processes on the...
Code injection
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Start Menu. By visiting the kiosk and pressing the Windows key twice, an attacker could exploit this vulnerability to close the program and launch other processes on the...
SUSE-SU-2019:0629-1 Security update for yast2-rmt
This update for yast2-rmt to 1.2.2 fixes the following issues: Security issue fixed: - CVE-2018-20105: Pass SSL password to Cheetah CLI interface securely (bsc#1119835). Non-security issues fixed: - Launch as root from gnome-shell menu (bsc#1123562) - Remove broken hyperlink from help (bsc#1120672)...
WordPress WP Mobile Menu plugin <=2.7.2 - Authenticated Option Update vulnerability (Fremius Library security issue)
Authenticated Option Update vulnerability (Fremius Library security issue) found in WordPress WP Mobile Menu plugin versions <=2.7.2. Solution: Update the WordPress WP Mobile Menu plugin to the latest available version (at least 2.7.3)...
Design/Logic Flaw
Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB serial port. Although a power cycle occurs, thi...
CVE-2018-20785
Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB serial port. Although a power cycle occurs, thi...
Notepad++: Command injection by setting a custom search engine
Summary: Arbitrary commands can be injected when using the "Search on Internet" function with a malicious custom search engine. The custom search engine can be set through the GUI or the config files, with different attack scenarios. Description: The "Search on Internet" context menu functionalit...
CVE-2019-0255
SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to correctly validate the type of installation for an ABAP Server system. That behavior may lead to a situation where a business user achieves access to the full SAP Menu, that is, the 'Easy Access Menu'. The...
River Past Cam Do 3.7.6 Local Buffer Overflow
Exploit Title: River Past CamDo SEH Local Exploit Date: 07.02.2019 Vendor Homepage: www.riverpast.com Software Link: https://en.softonic.com/download/river-past-cam-do/windows/post-download?sl=1 Exploit Author: Achilles Tested Version: 3.7.6 Tested on: Windows XP SP3 EN 1.- Run python code :...
River Past Audio Converter 7.7.16 - Buffer Overflow (SEH) Exploit
Exploit for Windows platform in category local exploits Exploit Title: RiverPastAudioConverter - Buffer Overflow SEH Vendor Homepage: www.riverpast.com Software Link: https://en.softonic.com/download/river-past-audio-converter/windows/post-download?sl=1 Exploit Author: Matteo Malvica Tested...
River Past Audio Converter 7.7.16 - Buffer Overflow (SEH)
Exploit Title: RiverPastAudioConverter - Buffer Overflow SEH Date: 06.02.2019 Vendor Homepage: www.riverpast.com Software Link: https://en.softonic.com/download/river-past-audio-converter/windows/post-download?sl=1 Exploit Author: Matteo Malvica Tested Version: 7.7.16 Tested on: Windows 10 -...
XenApp7.15-Start menu is blank in ICA session, no icons are visible
...
Arbitrary Command Execution
Overview: pyxdg contains implementations of freedesktop.org standards in Python. Affected versions of this package are vulnerable to Arbitrary Command Execution via the xdg.Menu.parse function, when it is possible to craft a malicious menu file with a Category node containing injected Python code. The...
Cross-site Scripting (XSS)
Croogo is susceptible to a cross-site scripting (XSS) attack. The vulnerability exists because it does not sanitize the value of the Title field in the Main Menu page, allowing an attacker to inject a malicious payload through it...
CVE-2019-7169
A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/menus/menus/edit/3...