135 matches found
CVE-2025-35978
Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker send malicious data, an arbitrary registry value may be modified or arbitrary code may be...
PT-2025-25282 · Unknown · Updatenaviinstallservice Service +1
Name of the Vulnerable Software and Affected Versions: UpdateNavi versions 1.4 L10 through 1.4 L33 UpdateNaviInstallService Service versions 1.2.0091 through 1.2.0125 Description: The issue exists due to improper restriction of communication channel to intended endpoints. If a local authenticated...
JVN#17860456: UpdateNavi vulnerable to improper restriction of communication channel to intended endpoints
UpdateNavi provided by Fujitsu Client Computing Limited contains the following vulnerability. Improper restriction of communication channel to intended endpoints CWE-923 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 6.9 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Bas...
CVE-2022-24934
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEYCURRENTUSER in the registry...
CVE-2024-8785
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEYLOCALMACHINE\SOFTWARE\WOW6432Node\Ipswitch\...
CVE-2024-8785
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEYLOCALMACHINE\SOFTWARE\WOW6432Node\Ipswitch...
CVE-2024-8785
CVE-2024-8785 affects Progress WhatsUp Gold pre-2024.0.1. The vulnerability stems from NmAPI.exe enabling remote unauthenticated actors to create or modify a registry value at HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch, potentially enabling remote code execution. Connected documents confirm...
Progress Software WhatsUp Gold 安全漏洞
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold versions prior to...
Elevate Cyber Defense with Qualys Advanced Hunting
Introduction In today’s cyber threat landscape, proactive approaches such as threat hunting have become key in any organization’s defense strategy, identifying and tackling threats before they become an incident. That is why Qualys is delighted to introduce Advanced Hunting , our threat-hunting...
CVE-2024-40720
The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can modify the HKEYCURRENTUSER registry to execute arbitrary commands...
CVE-2024-40720 CHANGING Information Technology TCBServiSign Windows Version - Improper Input Validation
The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can modify the HKEYCURRENTUSER registry to execute arbitrary commands...
Changing TCBServiSign 输入验证错误漏洞
Changing TCBServiSign is a cross-platform security control component from Changing, China. An input validation error vulnerability exists in versions prior to Changing TCBServiSign 1.0.24.0318. The vulnerability stems from a specific API that does not properly validate server-side input, which...
Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign
This guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via a Unified Extensible Firmware Interface UEFI bootkit called BlackLotus. UEFI bootkits are particularly dangerous as they run at computer...
CVE-2023-25134
McAfee Total Protection prior to 16.0.50 may allow an adversary with full administrative access to modify a McAfee specific Component Object Model COM in the Windows Registry. This can result in the loading of a malicious payload...
McAfee Total Protection 安全漏洞
McAfee Total Protection MTP is a suite of antivirus software from McAfee, Inc. in the United States. A security vulnerability exists in McAfee Total Protection prior to version 16.0.50, which stems from a vulnerability that allows an attacker to modify the McAfee-specific component object model i...
Input validation
ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An unauthenticated remote attacker can exploit this vulnerability to access and modify HKEYCURRENTUSER subkey ex: AutoRUN in Registry where malicious scripts can be executed to take control of the system...
Changingtec ServiSign 输入验证错误漏洞
Changingtec ServiSign is a system from Changingtec Taiwan, China. The system provides a cross-platform solution for digital signatures and authentication. An input validation error vulnerability exists in the ChangingTech MegaServiSignAdapter. The vulnerability stems from the presence of improper...
PT-2023-13680 · Changingtec · Changingtech Megaservisignadapter
Name of the Vulnerable Software and Affected Versions: ChangingTech MegaServiSignAdapter affected versions not specified Description: The issue is related to improper input validation in the ChangingTech MegaServiSignAdapter component. An unauthenticated remote attacker can exploit this to access...
Security Bulletin: IBM SPSS SamplePower vsflex7l ActiveX control vulnerability (CVE-2012-5947)
Abstract There is a security vulnerability with the vsflex7l ActiveX control shipped by IBM SPSS SamplePower Version 3. The vulnerability allows remote attackers to execute arbitrary code on installations of SamplePower when the control is invoked as ActiveX by Microsoft Internet Explorer. Conten...
CVE-2022-24934
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEYCURRENTUSER in the registry...