PT-2023-22432 · Webroot · Webroot Secureanywhere Endpoint Protection Ce
Name of the Vulnerable Software and Affected Versions: Webroot SecureAnywhere Endpoint Protection CE versions 9.0.33.39 and earlier Description: An issue in Webroot SecureAnywhere Endpoint Protection CE allows a local attacker to access sensitive information via the EXE installer. Recommendations...
CVE-2023-29819
An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload...
Webroot Secure Anywhere security vulnerability
Webroot Secure Anywhere is a comprehensive antivirus program from Webroot USA. A security vulnerability exists in Webroot Secure Anywhere Endpoint Protection CE 23.1 v.9.0.33.39 and prior versions, which originated from a vulnerability that allows local attackers to access sensitive information v...
PT-2023-22431 · Webroot · Webroot Secureanywhere Endpoint Protection Ce
Name of the Vulnerable Software and Affected Versions: Webroot SecureAnywhere Endpoint Protection CE versions 9.0.33.39 and earlier Description: An issue in Webroot SecureAnywhere Endpoint Protection CE allows a local attacker to bypass protections via a crafted payload. Recommendations: For...
CVE-2023-29820
An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. NOTE: the vendor's perspective is that this is not a separate vulnerability relative to CVE-2023-29818 and CVE-2023-29819...
Webroot Secure Anywhere security vulnerability
Webroot Secure Anywhere is a comprehensive antivirus program from Webroot USA. A security vulnerability exists in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and prior versions, which stems from a vulnerability that allows a local attacker to bypass the protection via a crafted...
PT-2023-20660 · Unknown · Weaver E-Office
Name of the Vulnerable Software and Affected Versions: Weaver E-Office version 9.5 Description: A critical issue was found in the File Upload Handler component, specifically in the /webroot/inc/utility all.php file, which leads to command injection. This issue can be exploited remotely. The vendo...
Weaver E-Office command injection vulnerability
Weaver E-Office is a collaborative office system from China's Panavision Technologies Weaver. A command injection vulnerability exists in Weaver E-Office version 9.5, which stems from a problem in the file /webroot/inc/utilityall.php that can lead to command injection...
CVE-2022-47878
Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code. NOTE: The vendor states that the vulnerability...
PT-2023-15510 · Jedox · Jedox
Name of the Vulnerable Software and Affected Versions: Jedox version 2020.2.5 Description: The issue is related to incorrect input validation for the default-storage-path in the settings page, allowing remote, authenticated users to specify the location as the Webroot directory. This can lead to...
Jedox code issue vulnerability
Jedox is a corporate performance management software from Jedox Inc. for planning, analyzing and reporting in finance and other areas such as sales, human resources and purchasing. A code issue vulnerability exists in Jedox version 2020.2.5, which stems from incorrect input validation of the...
PT-2023-5839 · Triangle Microworks · Scada Data Gateway
Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks SCADA Data Gateway affected versions not specified Description: The issue is related to the disclosure of information in the SCADA Data Gateway system. It allows remote attackers to disclose sensitive information on affect...
GHSA-42C3-WVWW-GCQJ Pimcore Remote Code Execution vulnerability in Search function
Impact: Attacker can get full DB and maybe RCE knowing the WEBROOT path. Patches: Update to version 10.5.19 or apply this patch manually: https://github.com/pimcore/pimcore/commit/367b74488808d71ec3f66f4ca9e8df5217c2c8d2.patch Workarounds: Apply patch...
CVE-2016-15029
CVE-2016-15029 affects Ydalb mapicoin versions up to 1.9.0. The vulnerability lies in webroot/stats.php where manipulating the link/search parameter leads to cross-site scripting. The issue can be triggered remotely. A fix is available in version 1.10.0; the patch is identified as 67e87f0f0c1ac23...
CVE-2016-15029 Ydalb mapicoin stats.php cross site scripting
A vulnerability has been found in Ydalb mapicoin up to 1.9.0 and classified as problematic. This vulnerability affects unknown code of the file webroot/stats.php. The manipulation of the argument link/search leads to cross site scripting. The attack can be initiated remotely. Upgrading to version...
PT-2023-10348 · Unknown · Ydalb Mapicoin
Name of the Vulnerable Software and Affected Versions: Ydalb mapicoin versions up to 1.9.0 Description: A vulnerability has been found in the file webroot/stats.php, where the manipulation of the link/search argument leads to cross-site scripting. The attack can be initiated remotely...
SQL Injection leads to code execution
Description: This vulnerability allows the attacker to leverage a SQL injection attack in the database backup functionality to write arbitrary data to an arbitrary file on disk anywhere the user can write. This includes the webroot in a default installation, allowing the attack to place a web...
USN-5889-1 zoneminder vulnerabilities
It was discovered that ZoneMinder was not properly sanitizing URL parameters for certain views. An attacker could possibly use this issue to perform a cross-site scripting (XSS) attack. This issue was only fixed in Ubuntu 16.04 ESM. (CVE-2019-6777) It was discovered that ZoneMinder was not properly...