125 matches found
CVE-2025-0425 Local Privilege Escalation via Config Manipulation
Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to which this client connects. This is dangerous as the "bestinformed Infoclient" runs with elevated permissions "nt authority\system". By changing the...
CVE-2025-0425
Cordaware bestinformed Infoclient is vulnerable to local privilege escalation: a low-privileged user can change the server address to a malicious or spoofed server, enabling elevation to nt authority\system on Windows. This relies on default GUI permissions and can be mitigated by deploying a cus...
PT-2025-6786 · Bestinformed +1 · Bestinformed Infoclient +1
Name of the Vulnerable Software and Affected Versions: bestinformed Infoclient affected versions not specified Description: A low-privileged user can change the server address of the bestinformed Server to which the bestinformed Infoclient connects, allowing them to escalate their privileges by...
Cordaware bestinformed Security Vulnerability
Cordaware bestinformed is a mass notification system from Cordaware, Germany. A security vulnerability exists in Cordaware bestinformed that stems from a server address modification permission issue that could result in local privileges being elevated to SYSTEM...
Orchid Security Vulnerability
Orchid is a free Laravel package open-sourced by Orchid. A security vulnerability exists in Orchid versions prior to 14.43.0, which stems from a method exposure issue in the Asynchronous Mode feature, which could potentially brute-force a database table, perform authentication checks against user...
The vulnerability of the version/query_to_xml/inet_server_addr/inet_client_addr function in Apache Superset visualization software allows a hacker to bypass existing security restrictions.
The vulnerability of the version/query_to_xml/inet_server_addr/inet_client_addr functions in Apache Superset visualization software is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to circumvent existing security...
Store Configuration by Server Based Discovery Fails
When attempting to configure Receiver Stores by entering the address of the StoreFront server in the Email/Server Based Discovery dialog, the following error appears: "Your account cannot be added using this server address. Make sure you entered it correctly. You may need to enter your email address...
CVE-2023-44427
D-Link DIR-X3260 SetSysEmailSettings SMTPServerAddress Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...
D-Link DIR-X3260 Security Vulnerability
D-Link DIR-X3260 is a Wi-Fi 6 router from China-based D-Link. A security vulnerability exists in the D-Link DIR-X3260 that stems from a remote code execution vulnerability in the SetSysEmailSettings SMTPServerAddress command injection...
Workspace on Android Errors with Error Code 548
An error has occurred while connecting. Check your server address and data connection. Error Code 548...
Unable to add gateway URL to the Workspace app. Your account cannot be added using this server addre
Account adding fails in Citrix Workspace when inputting the Gateway FQDN, with the error below: "Unable to add gateway URL to the Workspace app. Your account cannot be added using this server address. Make sure you entered it correctly. You may need to enter your email address instead."...
Workspace Error: "Your account cannot be added using this server address"
When adding an account with the NetScaler Gateway FQDN in Workspace, you may see the error prompt below: "Your account cannot be added using this server address. Make sure you entered it correctly. You may need to enter your email address instead."...
CVE-2023-36673
An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel, even if this traffic is not generated by the VPN client, while...
CVE-2023-36671
An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel even if this traffic is not generated by the VPN client. Thi...
UBUNTU-CVE-2023-36673
An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel, even if this traffic is not generated by the VPN client, while...
Cisco AnyConnect Secure Mobility Client Security Vulnerability
Cisco AnyConnect Secure Mobility Client is a VPN client software for secure connections from Cisco. A security vulnerability exists in Cisco AnyConnect Secure Mobility Client version 5.9.1.1662, which originates from an insecure configuration of the operating system by a VPN client, which causes...
PT-2023-6276 · Clario · Clario Vpn Client
Name of the Vulnerable Software and Affected Versions: Clario VPN client versions 5.9.1.1662 and earlier Description: The issue is related to the insecure configuration of the operating system by the Clario VPN client, which allows all IP traffic to the VPN server's IP address to be sent in...
Your account cannot be added using this server address. Make sure you entered it correctly
Error "Your account cannot be added using this server address. Make sure you entered it correctly. You may need to enter your email address instead." when trying to log on to the Gateway URL via Citrix Workspace...
CVE-2023-26466
A user with non-Admin access can change a configuration file on the client to modify the Server URL...
Pegasystem PEGA Platform Security Vulnerability
Pegasystem PEGA Platform is a suite of application development platforms from the US-based Pegasystem. The platform is used to develop applications such as BPM Business Process Management, Case Management, Real-Time Decision Making and CRM Customer Relationship Management. A security vulnerabilit...