101 matches found
PT-2022-11735 · Totolink · Totolink Ex1200T
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200T version 4.1.2cu.5215. Description: The issue concerns a remote command injection vulnerability. This vulnerability is located in the NTPSyncWithHost function of the system.so file, allowing control over hostTime to launch an...
VulnCheck KEV: CVE-2019-1385
A privilege escalation vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files...
CVE-2022-23426
A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege...
VulnCheck KEV: CVE-2020-14864
Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file...
Listary Security Vulnerability
Listary is a revolutionary Windows search utility that allows regular and advanced users to quickly find files and launch applications. A security vulnerability exists in Listary, where if a user tries to access files on the system from Listary itself when Listary is configured as an administrato...
Vulnerabilities fixed in Adobe Photoshop
Adobe has fixed vulnerabilities in Photoshop. A local malicious party could exploit the vulnerabilities to execute arbitrary code execute application privileges, or gain access to system files. Adobe has released updates to fix the vulnerabilities in Photoshop 2020 and 2021. For more information,...
Arbitrary File Read Vulnerability in Novelty House-plus
Novel boutique-plus novel-plus is a multi-end PC, WAP reading, functional original literature CMS system, built on SpringCloud, using MyBatis as the persistence layer. Novel-plus has an arbitrary file read vulnerability that can be exploited by an attacker to read any file in the system...
CVE-2020-27569
Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system...
ASUS BMC Firmware Path Traversal Vulnerability (CNVD-2021-36268)
ASUS BMC Firmware is a firmware from Asus China. A path traversal vulnerability exists in the ASUS BMC Firmware Web management page, which can be exploited by a remote attacker to gain administrator privileges and then access system files via path traversal...
OurPHP backend has an arbitrary file read vulnerability
OurPHP is an enterprise e-commerce marketing website building system. OurPHP backend has an arbitrary file reading vulnerability, which can be exploited by an attacker to read any system file...
Nozomi Networks Guardian Path Traversal Vulnerability
Nozomi Networks Guardian is an IoT device and software inspection system from Nozomi Networks, Switzerland. A security vulnerability exists in Nozomi Networks Guardian version 20.0.7.3 and prior versions and in Nozomi Networks CMC version 20.0.7.3 and prior versions, which...
Sonatype Nexus Repository Manager External Entity Injection Vulnerability
Sonatype Nexus Repository Manager (NXRM) is a Maven repository manager from Sonatype USA. An external entity injection vulnerability exists in the Sonatype Nexus Repository Manager product, which allows an attacker with Nexus Repository Manager administrator privileges to configure the system in su...
Malicious Package
fallguys is a malicious package. Malicious code within the library attempts to read local system files and exfiltrate information through a Discord webhook. The code attempts to access various files on Windows systems such as...
PT-2020-3685 · Microsoft · Windows Appx Deployment Extensions +1
Name of the Vulnerable Software and Affected Versions: Windows AppX Deployment Extensions (affected versions not specified). Description: The issue is related to improper privilege management in the Windows AppX Deployment Extensions, allowing an authenticated attacker to elevate privileges by runni...
Directory Traversal
public is vulnerable to a symbolic link attack. The application does not verify files before serving their contents in response to requests. This allows an attacker with local access to the web root to create a symbolic link of a system file within the web root, resulting in the remote access of the affected fil...
CVE-2018-7824
An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver for 64-bit Windows OS: V3.17 IE 37 and prior, for 32-bit Windows OS: V2.17 IE 27 and prior, and as part of the Driver Suite version: V14.12 and prior which could allow write acce...
The vulnerability of the Cisco SD-WAN software-defined network, related to lack of access control, allows a hacker to bypass authentication procedures and gain access to system files.
The vulnerability of the Cisco SD-WAN software-defined network is related to lack of access control. Exploiting this vulnerability could allow an attacker to bypass authentication procedures and gain access to system files...
CVE-2018-7835
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user...
The vulnerability of the Cisco Digital Network Architecture (DNA) Center’s network management system is related to the insecure default configuration settings. This allows attackers to bypass authentication procedures, gain access to system files, and modify them.
The vulnerability of the Cisco Digital Network Architecture (DNA) Center network management system arises from insecure default configuration settings. Exploiting this vulnerability could allow a malicious actor to bypass authentication procedures, gain access to system files, and modify them...