14 matches found
EUVD-2023-46210
Malicious code in bioql PyPI...
CVE-2023-41718
When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file...
CVE-2023-41718
When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file...
Design/Logic Flaw
When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file...
CVE-2023-41718
Ivanti Secure Access Client vulnerable to local privilege escalation (CVE-2023-41718) when a user has control over a specific file. Affected products are Ivanti Secure Access Client versions prior to 22.6R1. The underlying issue is a local privilege escalation vulnerability in the Windows client....
CVE-2023-41718
When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file...
PT-2023-28059 · Ivanti · Secure Access +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows an attacker to gain unauthorized elevated privileges on the affected system when a particular process flow is initiated and they have...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
vuln4japi A vulnerable Java based REST API for demonstrating C...
Starbucks: Multiple Subdomain takeovers via unclaimed instances
Hacker @benoculars was able to successfully facilitate multiple subdomain takeovers by taking advantage of a process flow to use some of the space provided for germany.openapi.starbucks.com, psv.openapi.starbucks.com, stage-psv.openapi.starbucks.com, and test-psv.openapi.starbucks.com. While we we...
Coders code audit: php-vulnerability-vulnerability warning-the black bar safety net
When doing code audits at a company, generally white-box based, vulnerabilities fall into just a few classes: XSS, SQL injection, command execution, upload vulnerabilities, local file inclusion, remote file inclusion, permission bypass, information disclosure, etc. 1. XSS + SQL injection...
Microsoft Help Workshop HPJ OPTIONS Section Buffer Overflow (CVE-2007-0427)
The Microsoft Help Workshop product is a development tool that allows the design and development of help files frequently packaged with Windows based applications. The program is used to author help content and package it in Microsoft Help files such as HLP. There exists a buffer overflow...
Symantec AntiVirus Real Time Virus Scan Service Stack Overflow (CVE-2006-2630)
Symantec Antivirus Corporate Edition and Symantec Client Security are applications designed to protect organizations from the threat of viruses, malware, and intrusion attempts. Both applications can be deployed in an enterprise network environment, and they both support an anti-virus scanning...
RealNetworks RealPlayer Error Message Format String (CVE-2005-2710)
RealPlayer and Helix Player are media players developed by RealNetworks, Inc. These applications are capable of playing back numerous multimedia file formats. They support a streaming slide show technology called RealPix that allows for the creation of presentations that include image content. Th...
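Microsoft Visio Document Packaging Remote Code Execution Vulnerability (MS07-030)
Microsoft Visio is the flowchart drawing software in the Office suite. A memory corruption vulnerability exists in the way Microsoft Visio parses packed objects in the Visio file format; an attacker who successfully exploits this vulnerability could take complete control of the affected system. An attacker could exploit this vulnerability by creating a malicious Visio (.VSD, .VSS or .VST) file and enticing a user to open it; if the user visits a malicious website or opens a specially crafted Visio attachment in an e-mail, these files could allow remote execution of commands. Microsoft Visio 2003 Microsoft Visio 2002 Temporary workaround: Do not open or save Microsoft Visio files received from untrusted sources or received unexpectedly from trusted sources....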