CVE-2023-33871

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a directory traversal vulnerability that could allow an unauthenticated user to directly access any file outside the webroot...

Directory traversal

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a directory traversal vulnerability that could allow an unauthenticated user to directly access any file outside the webroot...

CVE-2023-33871 Iagona ScrutisWeb Absolute Path Traversal

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a directory traversal vulnerability that could allow an unauthenticated user to directly access any file outside the webroot...

PT-2023-4580 · Iagona · Iagona Scrutisweb

Name of the Vulnerable Software and Affected Versions: Iagona ScrutisWeb versions 2.1.37 and prior Description: The issue exists due to incorrect restriction of the path name to a directory with limited access. Exploitation of this issue may allow a remote attacker to gain direct access to any...

CVE-2023-29820

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. NOTE: the vendor's perspective is that this is not a separate vulnerability relative to CVE-2023-29818 and CVE-2023-29819...

CVE-2023-29819

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload...

CVE-2023-29818

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin...

CVE-2023-29820

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. NOTE: the vendor's perspective is that this is not a separate vulnerability relative to CVE-2023-29818 and CVE-2023-29819...

CVE-2023-29819

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload...

CVE-2023-29818

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin...

Design/Logic Flaw

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload...

Design/Logic Flaw

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin...

CVE-2023-29820

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. NOTE: the vendor's perspective is that this is not a separate vulnerability relative to CVE-2023-29818 and CVE-2023-29819...

CVE-2023-29818

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin...

PT-2023-22430 · Webroot · Webroot Secureanywhere Endpoint Protection Ce

Name of the Vulnerable Software and Affected Versions: Webroot SecureAnywhere Endpoint Protection CE versions 9.0.33.39 and before Description: An issue in Webroot SecureAnywhere Endpoint Protection CE allows a local attacker to bypass protections via the default allowlist feature being stored as...

CVE-2023-29820

CVE-2023-29820 affects Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and earlier. According to Red Hat entries, a local attacker can access sensitive information via the EXE installer, with the vulnerability stemming from (unstated) local-privilege context and exposure during ins...

CVE-2023-29819

Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and earlier is affected by CVE-2023-29819 (and linked CVEs) where a local attacker can bypass protections via a crafted payload. The vulnerability’s impact is limited to confidentiality (HIGH) with no integrity or availability impact,...

CVE-2023-29818

CVE-2023-29818 affects Webroot SecureAnywhere Endpoint Protection CE versions 9.0.33.39 and earlier. The issue allows a local attacker to bypass protections because the default allowlist feature can be stored with non-admin privileges, per Red Hat and NVD/NVD-derived records. The root cause is th...

Webroot Secure Anywhere 安全漏洞

Webroot Secure Anywhere is a comprehensive antivirus program from Webroot USA. A security vulnerability exists in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and prior versions, which stems from a vulnerability that allows a local attacker to bypass the protection via the defau...

CVE-2023-29818

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin...