Lucene search
K

160 matches found

Prion
Prion
added 2017/11/16 7:29 a.m.13 views

Input validation

An untrusted search path aka DLL Preloading vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory wher...

7.2CVSS6.8AI score0.00536EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2017/10/09 12:0 a.m.4 views

Cisco Meeting App Elevation of Privilege Vulnerability

Cisco Meeting App for Windows is a Windows-based video conferencing software client from the U.S. company Cisco Cisco. An elevation of privilege vulnerability exists in the Cisco Meeting App for Windows for loading the DLL file routine, which results from the program failing to perform sufficient...

4.6CVSS5.4AI score0.00358EPSS
Exploits0References1
0day.today
0day.today
added 2017/06/29 12:0 a.m.115 views

Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) -

Exploit for linux platform in category local exploits / Linuxldsohwcap64.c for CVE-2017-1000366, CVE-2017-1000379 Copyright C 2017 Qualys, Inc. myimportanthwcaps adapted from elf/dl-hwcaps.c, part of the GNU C Library: Copyright C 2012-2017 Free Software Foundation, Inc. This program is free...

4.4CVSS5.6AI score0.02733EPSS
Exploits24
BDU FSTEC
BDU FSTEC
added 2017/06/23 12:0 a.m.10 views

The vulnerability in the loading of DLL files of the Cisco AnyConnect Secure Mobility Client software allows a perpetrator to install or execute a file with privileges equivalent to those of a Microsoft Windows system administrator account.

The vulnerability related to the loading of DLL files in the Cisco AnyConnect Secure Mobility Client encryption solution stems from deficiencies in access control. Exploiting this vulnerability allows a malicious actor, operating locally, to install or execute a DLL file with privileges equivalen...

7.2CVSS7.3AI score0.00371EPSS
Exploits0References3Affected Software1
Packet Storm
Packet Storm
added 2017/05/31 12:0 a.m.41 views

Intel SSD Toolbox 3.4.3 DLL Hijacking

Hi @ll, executable installers built with Intels Installation Framework, for example "Intel SSD Toolbox - v3.4.3.exe", available from , expose two vulnerabilities, both resulting in arbitrary code execution with escalation of privilege. Vulnerability 1: On a fully patched Windows 7 SP1 they load a...

Exploits0
Prion
Prion
added 2017/04/25 7:59 p.m.17 views

Directory traversal

Directory traversal in setup/processors/urlsearch.php aka the search page of an unused processor in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information...

5CVSS5.3AI score0.02676EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/04/25 7:59 p.m.14 views

CVE-2017-8115

Directory traversal in setup/processors/urlsearch.php aka the search page of an unused processor in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information...

5.3CVSS5.3AI score0.02676EPSS
Exploits0References2
OSV
OSV
added 2017/04/25 7:59 p.m.12 views

CVE-2017-8115

Directory traversal in setup/processors/urlsearch.php aka the search page of an unused processor in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information...

5.3CVSS6.9AI score0.02676EPSS
Exploits0References2
OSV
OSV
added 2017/04/13 2:59 p.m.4 views

DEBIAN-CVE-2016-10117

Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc...

7.8CVSS7.5AI score0.00394EPSS
Exploits0References1
CNVD
CNVD
added 2017/04/02 12:0 a.m.4 views

Unauthorized Access Vulnerability in Rigel Psychoeducation Information Management System of Beijing Otay Rigel Technology Co.

Rigel Psychoeducational Information Management System is a content management system for information collection and analysis. An unauthorized access vulnerability exists in the Riggs Psychoeducational Information Management System. The vulnerability occurs because the '/sysManage/Excel/' director...

6.7AI score
Exploits0
Packet Storm
Packet Storm
added 2017/01/22 12:0 a.m.93 views

Oracle E-Business Suite 12.x Unconstrainted File Download

Exploit Title: Unconstrained File Download - Oracle E-Business Suite Exploit Discoverer: Owais Mehtab, Tayeeb Rana Vendor Homepage: http://www.oracle.com Version: 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 CVE: 2017-3277 Attack Vectors exploitation may be done by sending a post request to following u...

5.6AI score0.01431EPSS
Exploits2
exploitpack
exploitpack
added 2016/04/25 12:0 a.m.18 views

CompuSource Systems Real Time Home Banking - Local Privilege Escalation

CompuSource Systems Real Time Home Banking - Local Privilege Escalation Exploit Title: CompuSource Systems - Real Time Home Banking - Local Privilege Escalation/Arbitrary Code Execution Date: 2/25/16 Exploit Author: [email protected] Vendor Homepage: https://www.css4cu.com :...

0.6AI score
Exploits0
CNVD
CNVD
added 2015/06/10 12:0 a.m.3 views

Microsoft Windows Kernel DLL Path Error Elevation of Privilege Vulnerability

Microsoft Windows is a popular operating system. A security vulnerability in the Microsoft windows kernel allows a local attacker to place a specially crafted dll file in a system directory or on a network share, which can be loaded by the target user to execute arbitrary code...

6.9CVSS7AI score0.01996EPSS
Exploits0References1
NVD
NVD
added 2015/01/27 7:59 p.m.17 views

CVE-2014-9646

Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/googlechromedistribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the...

4.6CVSS5.7AI score0.0026EPSS
Exploits0References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.31 views

SheerDNS 1.0 Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7336/info A vulnerability has been discovered in SheerDNS. Due to insufficient sanitization of DNS requests, an attacker may be able to view the contents of an arbitrary system directory or file. Information obtained by...

7.1AI score
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2014/02/11 12:0 a.m.17 views

jDisk (stickto) v2.0.3 iOS - Multiple Web Vulnerabilities

Document Title: =============== jDisk stickto v2.0.3 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1196 Release Date: ============= 2014-02-11 Vulnerability Laboratory ID VL-ID: ==================================== 11...

7.1AI score
Exploits0
NVD
NVD
added 2012/07/16 10:28 a.m.17 views

CVE-2011-4293

The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets CSS and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified...

6.4CVSS6.7AI score0.02409EPSS
Exploits0References3
Cvelist
Cvelist
added 2012/07/16 10:0 a.m.24 views

CVE-2011-4293

The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets CSS and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified...

6.6AI score0.02409EPSS
Exploits0References3
myhack58
myhack58
added 2012/02/13 12:0 a.m.18 views

ECShop v2. 7. 2 wap page storm path 0day-vulnerability warning-the black bar safety net

Google: inurl:mobile/goods. php? act=viewimg&id=1 2 3 Search to After in page plus&id=5 That is, http://www. badguest. cn/mobile/goods. php? act=viewimg&id=1 2 3&id=5 For example, for many forums, submitted a non-existent file request, or submit a There is no output file of the request, the serve...

6.9AI score
Exploits0
Exploit DB
Exploit DB
added 2010/10/25 12:0 a.m.22 views

Microsoft Windows Vista - 'lpksetup.exe oci.dll' DLL Loading Arbitrary Code Execution

// source: https://www.securityfocus.com/bid/44414/info Microsoft Windows 'lpksetup.exe' is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share...

7.4AI score
Exploits0
Rows per page
Query Builder