142 matches found
Cambium Networks cnMaestro 操作系统命令注入漏洞
Cambium Networks cnMaestro is a cloud-based or native software platform from Cambium Networks for secure end-to-end network control. Cambium Networks cnMaestro suffers from an operating system command injection vulnerability. An attacker could exploit this vulnerability to upload specially crafte...
CVE-2022-26070
When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0...
CVE-2022-26070
When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0...
CVE-2021-33436
NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as ...
CVE-2022-26526
Anaconda Anaconda3 Anaconda Distribution through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse...
Design/Logic Flaw
Anaconda Anaconda3 Anaconda Distribution through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse...
CVE-2022-26526
CVE-2022-26526 affects Anaconda3 up to 2021.11.0.0 and Miniconda3 up to 4.11.0.0. A world-writable directory can be created under %PROGRAMDATA% and added to the system PATH when installed in a non-default configuration (for all users and PATH changes). Local users could gain privileges by placing...
CVE-2022-26526
Anaconda Anaconda3 Anaconda Distribution through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse...
Anaconda Anaconda3和Miniconda3 代码问题漏洞
Anaconda3 and Miniconda3 are both products of Anaconda, Inc. of the U.S. Anaconda3 is a distribution of the Python and R programming languages for scientific computing data science, machine learning applications, large-scale data processing, predictive analytics, etc.. Dedicated to simplifying...
Foxit PDF Reader 11.0 - Unquoted Service Path
Exploit Title: Foxit PDF Reader 11.0 - Unquoted Service Path Date: 05/03/2022 Exploit Author: Hejap Zairy Vendor Homepage: https://www.foxit.com/pdf-reader/ Software Link: https://www.foxit.com/downloads/Foxit-Reader/ Version: 11.0.1.49938 Tested: Windows 10 Pro x64 es C:\Users\Hejapsc qc...
CVE-2022-23135
There is a directory traversal vulnerability in some home gateway products of ZTE. Due to the lack of verification of user modified destination path, an attacker with specific permissions could modify the FTP access path to access and modify the system path contents without authorization, which...
CVE-2022-23135
There is a directory traversal vulnerability in some home gateway products of ZTE. Due to the lack of verification of user modified destination path, an attacker with specific permissions could modify the FTP access path to access and modify the system path contents without authorization, which...
Privilege escalation
SAP Adaptive Server Enterprise ASE - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The...
Hitachi Energy LinkOne 授权问题漏洞
Hitachi Energy LinkOne is an enterprise graphical parts catalog and content delivery solution from Hitachi Energy, Switzerland. It is used to publish, view and find spare parts for complex equipment and assemblies. A security vulnerability exists in Hitachi Energy LinkOne, which stems from a web...
ASUS RT-AX56U Path Traversal Vulnerability
ASUS RT-AX56U is a wireless router from ASUS Taiwan, China.A path traversal vulnerability exists in ASUS RT-AX56U, which stems from the insufficient filtering of special characters in URL parameters by the login function of ASUS RT-AX56U, which could be exploited by an unauthenticated LAN attacke...
GHSA-PJXV-W3QJ-J8M3 Directory Traversal in elFinder.AspNet
This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path...
CVE-2021-23415
This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path...
CVE-2021-23415
This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path...
Path traversal
This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path...
CVE-2021-23407
This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to create a file system path...