900 matches found
CVE-2023-7270
An issue was discovered in SoftMaker Office 2024 / NX before revision 1214 and SoftMaker FreeOffice 2014 before revision 1215. FreeOffice 2021 is also affected, but won't be fixed. The SoftMaker Office and FreeOffice MSI installer files were found to produce a visible conhost.exe window running a...
CVE-2022-24767
GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account...
CVE-2022-20317
In SystemUI, there is a possible way to unexpectedly enable the external speaker due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Androi...
CVE-2021-21448
SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client PCs memory. Under certain conditions the attacker can access information which would otherwise be restricted. The exploit can only be executed locally on th...
CVE-2021-27406
An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in t...
CVE-2021-29452
a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make th...
CVE-2020-6239
Under certain conditions SAP Business One Backup service, versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure...
CVE-2018-14996
The Oppo F5 Android device with a build fingerprint of OPPO/CPH1723/CPH1723:7.1.1/N6F26Q/1513597833:user/release-keys contains a pre-installed platform app with a package name of com.dropboxchmod versionCode=1, versionName=1.0 that contains an exported service named...
CVE-2018-10170
NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "nordvpn-service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "Connect" method accepts a...
CVE-2019-15342
The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service...
CVE-2019-15351
The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service named...
CVE-2019-15388
The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.1.13. This app contains an exported service name...
CVE-2019-15348
The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service named...
CVE-2019-15389
The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.1.13. This app contains an exported service named...
CVE-2019-15347
The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service...
CVE-2019-6145
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach La...
CVE-2019-13142
The RzSurroundVADStreamingService RzSurroundVADStreamingService.exe in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver\. The DACL on this folder allows any user to overwrite contents of files in this folder,...
CVE-2012-4501
Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs...
CVE-2025-20975
Improper Export of Android Application Components in AODService prior to version 8.8.28.12 allows local attackers to launch arbitrary activity with systemui privilege...
PT-2025-17857 · Unknown · Codeastro Bus Ticket Booking System
Name of the Vulnerable Software and Affected Versions: Codeastro Bus Ticket Booking System version 1.0 Description: Insecure Direct Object Reference IDOR in Codeastro Bus Ticket Booking System allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can...