
92 matches found

Cvelist
added 2025/09/10 11:39 a.m. | 7 views

CVE-2025-10214 DLL search path hijacking vulnerability

DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\Users\AppData\Local\UPDF\FREngine\Bin64' directory, which could lead to arbitrary...

CVSS 7 | EPSS 0.00019
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:37 p.m. | 2 views

CVE-2021-35523

Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and add an external script file tha...

CVSS 7.8 | AI score 7.1 | EPSS 0.00151
Exploits: 3 | References: 1

OpenVAS
added 2024/03/04 12:0 a.m. | 15 views

openSUSE: Security Advisory for libzypp (SUSE-SU-2023:0095-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.7 | EPSS 0.00172
Exploits: 1 | References: 2

Metasploit
added 2024/01/10 7:49 p.m. | 573 views

Windows Gather Mikrotik Winbox "Keep Password" Credentials Extractor

This module extracts Mikrotik Winbox credentials saved in the "settings.cfg.viw" file when the "Keep Password" option is selected in Winbox. Module Options msf use post/windows/gather/credentials/winboxsettings msf postwinboxsettings show actions ...actions... msf postwinboxsettings set ACTION ms...

AI score 7.1
Exploits: 0

Positive Technologies
added 2023/12/25 12:0 a.m. | 3 views

PT-2023-22022 · Ncp · Ncp Secure Enterprise Client

Name of the Vulnerable Software and Affected Versions: NCP Secure Enterprise Client versions prior to 13.10 Description: The issue allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%TempNcpSupport location. This can lead to elevated...

CVSS 8.8 | AI score 8.7 | EPSS 0.00149
Exploits: 1 | References: 3

SUSE CVE
added 2023/04/01 2:6 a.m. | 2 views

SUSE CVE-2023-28833

Nextcloud server is an open source home cloud implementation. In affected versions admins of a server were able to upload a logo or a favicon and to provide a file name which was not restricted and could overwrite files in the appdata directory. Administrators may have access to overwrite these...

CVSS 8.8 | AI score 7 | EPSS 0.00537
Exploits: 0 | References: 3

Positive Technologies
added 2023/03/30 12:0 a.m. | 3 views

PT-2023-2469 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 24.0.10 Nextcloud Server versions prior to 25.0.4 Description: The issue is related to the lack of restrictions on file uploads in the Nextcloud server, allowing administrators to upload a logo or favicon wi...

CVSS 10 | AI score 6.1 | EPSS 0.51125
Exploits: 5 | References: 27

BDU FSTEC
added 2023/03/06 12:0 a.m. | 1 view

The vulnerability of the libzypp-plugin-appdata plugin for SUSE Linux Enterprise operating systems, which allows a hacker to execute arbitrary code.

The vulnerability of the libzypp-plugin-appdata plugin in SUSE Linux Enterprise operating systems exists due to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability allows an attacker to execute arbitrary code using speciall...

CVSS 7.8 | AI score 7.6 | EPSS 0.00172
Exploits: 1 | References: 3 | Affected Software: 3

SUSE CVE
added 2023/02/15 3:21 a.m. | 3 views

SUSE CVE-2023-22643

An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPOALIAS, REPOTYPE or...

CVSS 6.3 | AI score 7.3 | EPSS 0.00172
Exploits: 1 | References: 5

OSV
added 2023/02/07 10:15 a.m. | 2 views

CVE-2023-22643

An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPOALIAS, REPOTYPE or...

CVSS 7.8 | AI score 7.2 | EPSS 0.00172
Exploits: 1 | References: 1

Cvelist
added 2023/02/07 12:0 a.m. | 15 views

CVE-2023-22643 libzypp-plugin-appdata: potential arbitrary code execution via shell injection due to `os.system` calls

An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPOALIAS, REPOTYPE or...

CVSS 6.3 | AI score 8 | EPSS 0.00172
Exploits: 1 | References: 1

Vulnrichment
added 2023/02/07 12:0 a.m. | 5 views

CVE-2023-22643 libzypp-plugin-appdata: potential arbitrary code execution via shell injection due to `os.system` calls

An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPOALIAS, REPOTYPE or...

CVSS 6.3 | AI score 7.6 | EPSS 0.00172
Exploits: 1 | References: 1

CVE
added 2023/02/07 12:0 a.m. | 67 views

CVE-2023-22643

CVE-2023-22643 affects libzypp-plugin-appdata in SUSE Linux Enterprise Server for SAP 15-SP3 and openSUSE Leap 15.4. The issue is an OS command injection vulnerability due to improper neutralization of special elements in repo configuration (REPO_ALIAS, REPO_TYPE, REPO_METADATA_PATH) that can be ...

CVSS 7.8 | AI score 6.9 | EPSS 0.00172
Exploits: 1 | References: 1 | Affected Software: 1

Tenable Nessus
added 2023/01/26 12:0 a.m. | 26 views

SUSE SLES15 Security Update : libzypp-plugin-appdata (SUSE-SU-2023:0140-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0140-1 advisory. - An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in libzypp-plugin-appdata of SUS...

CVSS 7.8 | AI score 7.7 | EPSS 0.00172
Exploits: 1 | References: 5

OpenVAS
added 2023/01/26 12:0 a.m. | 13 views

SUSE: Security Advisory (SUSE-SU-2023:0140-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.6 | EPSS 0.00172
Exploits: 1 | References: 5

Tenable Nessus
added 2023/01/18 12:0 a.m. | 29 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libzypp-plugin-appdata (SUSE-SU-2023:0095-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0095-1 advisory. - An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerabili...

CVSS 7.8 | AI score 7.7 | EPSS 0.00172
Exploits: 1 | References: 4

OpenVAS
added 2023/01/18 12:0 a.m. | 17 views

SUSE: Security Advisory (SUSE-SU-2023:0095-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.8 | EPSS 0.00172
Exploits: 1 | References: 2

OSV
added 2023/01/17 11:59 a.m. | 4 views

SUSE-SU-2023:0095-1 Security update for libzypp-plugin-appdata

This update for libzypp-plugin-appdata fixes the following issues: - CVE-2023-22643: Fixed potential shell injection related to malicious repo names bsc1206836...

CVSS 7.8 | AI score 7.7 | EPSS 0.00172
Exploits: 1 | References: 3

Positive Technologies
added 2023/01/04 12:0 a.m. | 2 views

PT-2023-1560 · Suse · Libzypp-Plugin-Appdata +1

Name of the Vulnerable Software and Affected Versions: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426 openSUSE Leap 15.4 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426 Description: The issue is related to an Improper...

CVSS 7.8 | AI score 7.6 | EPSS 0.00172
Exploits: 1 | References: 17

OSV
added 2022/12/22 8:15 p.m. | 2 views

CVE-2022-31739

When downloading files on Windows, the % character was not escaped, which could have led to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. This bug only affects Firefox for Windows. Other operating systems are unaffected. This...

CVSS 8.8 | AI score 7.4
Exploits: 0 | References: 4