CVE-2023-27133
TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILESX86%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remot...
Eaton easyE4 PLC Encryption Issue Vulnerability
The Eaton easyE4 PLC is a PLC from Eaton Corporation USA. A security vulnerability exists in the Eaton easyE4 PLC that stems from a weakly encoded algorithm used to store device passwords in program files...
PT-2023-28977 · Eaton · Eaton Easye4 Plc
Name of the Vulnerable Software and Affected Versions: Eaton easyE4 PLC affected versions not specified Description: The Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. However, it was observed that the device...
CVE-2023-31468
An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 Runtime RT7.3 RC3 20221209.5. The "%PROGRAMFILESX86%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. 2024-1 is a fixed version...
CVE-2023-31067
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILESX86%\TSplus\Clients\www...
Design/Logic Flaw
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILESX86%\TSplus\Clients\www...
Design/Logic Flaw
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILESX86%\TSplus\UserDesktop\themes...
PT-2023-23130 · Tsplus · Tsplus Remote Access
Name of the Vulnerable Software and Affected Versions: TSplus Remote Access versions through 16.0.2.14 Description: An issue was discovered in TSplus Remote Access where some directories under %PROGRAMFILESX86%\TSplus\Clients\www have Full Control permissions for Everyone. Recommendations: For...
PT-2023-5304 · Omron · Cx-Programmer
Name of the Vulnerable Software and Affected Versions: CX-Programmer Included in CX-One CXONE-ALD-V4 versions 9.80 and earlier Description: A heap-based buffer overflow issue exists, which can be exploited by having a user open a specially crafted CXP file. This may lead to information disclosure...
CVE-2023-3842 Pointware EasyInventory Easy2W.exe unquoted search path
A vulnerability was found in Pointware EasyInventory 1.0.12.0 and classified as critical. This issue affects some unknown processing of the file C:\Program Files x86\EasyInventory\Easy2W.exe. The manipulation leads to unquoted search path. Attacking locally is a requirement. The identifier...
PT-2023-20846 · Diasoft · Diasoft File Replication Pro
Name of the Vulnerable Software and Affected Versions: Diasoft File Replication Pro version 7.5.0 Description: The issue allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because the directory...
CVE-2022-48224
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is installed with insecure permissions (full write access within Program Files). Standard users can replace files within this directory that get executed with elevated privileges, leading to a complete arbitrary code execution...
PT-2023-15621 · Acuant · Acuant Acufill Sdk
Name of the Vulnerable Software and Affected Versions: Acuant AcuFill SDK versions prior to 10.22.02.03 Description: The issue is related to insecure permissions in the installation of the software, allowing standard users to replace files within the Program Files directory that are executed with...
CVE-2023-0575
External Control of Critical State Data, Improper Control of Generation of Code 'Code Injection' vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS DevopsBase.Java:execCommand, TableManager.Java:runCommand modules allows API Manipulation, Privilege Abuse. This vulnerability...
CVE-2023-0575 Remote Code Execution
External Control of Critical State Data, Improper Control of Generation of Code 'Code Injection' vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS DevopsBase.Java:execCommand, TableManager.Java:runCommand modules allows API Manipulation, Privilege Abuse. This vulnerability...
Velociraptor vulnerable to Missing Authorization
Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server including writing arbitrary files. However, lower privilege users are generally forbidden from writing or modifying files on the server. Th...
CVE-2022-29826
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting (GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result,...
Redis Labs Redis Code Issue Vulnerability
Redis Labs Redis is an open source, network-enabled, memory-based key-value storage database with log-based persistence, written in ANSI C by Redis Labs, Inc., that provides APIs in multiple languages. Redis Labs Redis is vulnerable to a code issue that originates from unknown code in C:/Progr...