162 matches found
CVE-2018-8044
K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: Local Process Execution local. The component is: K7Sentry.sys...
CVE-2018-8044
K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: Local Process Execution local. The component is: K7Sentry.sys...
CVE-2018-8044
K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: Local Process Execution local. The component is: K7Sentry.sys...
CVE-2018-8044
CVE-2018-8044 affects K7Computing K7Antivirus Premium 15.1.0.53. The vulnerability is an Incorrect Access Control in the K7Sentry.sys driver, enabling Local Process Execution (local) with low attack complexity and no authentication. NVD CVSS metrics: CVSS v2 base 4.6 (Local, Partial confidentiali...
K7 Computing Antivirus Premium和Mobileiron Sentry 访问控制错误漏洞
K7AntiVirus Premium is a security suite from K7 Computing that provides reliable protection against online threats and fraudulent activities, thus protecting you from viruses and cyber attacks. An access control error vulnerability exists in K7Sentry.sys in K7 Computing K7AntiVirus Premium...
PYSEC-2020-222
While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s os package in the web application process in versions 0.37.1. It was thus...
Type confusion
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.2.29539. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Sinter - A User-Mode Application Authorization System For MacOS Written In Swift
Sinter is a 100% user-mode endpoint security agent for macOS 10.15 and above, written in Swift. Sinter uses the user-mode EndpointSecurity API to subscribe to and receive authorization callbacks from the macOS kernel, for a set of security-relevant event types. The current version of Sinter...
Microsoft Outlook EML Rendering Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Outlook. User interaction is required to exploit this vulnerability in that the target must open a malicious email. The specific flaw exists within the rendering of emails. The issue result...
Using Real-Time Events in Investigations
To understand what a threat actor did on a Windows system, analysts often turn to the tried and true sources of historical endpoint artifacts such as the Master File Table MFT, registry hives, and Application Compatibility Cache AppCompat. However, these evidence sources were not designed with...
CVE-2020-10898
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
VulnCheck KEV: CVE-2019-1322
A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context...
Adobe Photoshop EPS BoundingBox Element Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the...
Crescendo: Real Time Event Viewer for macOS
Prior to 2017, researchers couldn’t easily monitor actions performed by a process on macOS and had to resort to coding scripts that produced low level system call data. FireEye released Monitor.app in 2017 that enabled collection of information on macOS at a higher level; at a simplified data set...
Sandbox Escape
Overview safe-eval is a Safer version of eval Affected versions of this package are vulnerable to Sandbox Escape. It is possible for an attacker to run an arbitrary command on the host machine. POC by Anirudh Anand for node 12.13.0 const safeEval = require'safe-eval'; const theFunction = function...
CVE-2019-19620
In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to the collection of process-execution telemetry, for executions against specific files where the...
Design/Logic Flaw
In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to the collection of process-execution telemetry, for executions against specific files where the...
CVE-2019-19620
In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to the collection of process-execution telemetry, for executions against specific files where the...
Command injection
An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $ can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker c...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...