25 matches found
EUVD-2016-4207
Malware in sbrugna...
EUVD-2024-23260
Malicious code in bioql PyPI...
Siemens License Server(SLS) 安全漏洞
Siemens License Server SLS is a tool from Siemens, Germany, for managing and distributing licenses for Siemens software products. A privilege mismanagement vulnerability exists in Siemens License Server that stems from not properly validating an executable file in an application folder, which can...
CVE-2024-25958
Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to application data, unauthorized modification of...
CVE-2024-25958
Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to application data, unauthorized modification of...
CVE-2024-25958
Dell Grab for Windows (up to 5.0.4) contains a Weak Application Folder Permissions vulnerability that can be exploited by a local authenticated attacker to achieve privilege escalation, access/modify application data, and potentially disrupt services. Root cause is improper folder permissions wit...
Dell Grab 安全漏洞
Dell Grab is a configuration technology from Dell, Inc. It is used to collect data on hosts connected to Dell EMC storage devices. A security vulnerability exists in Dell Grab 5.0.4 and prior versions, which stems from a vulnerability in application folder permissions that could be exploited by a...
Honeywell ProWatch Security Vulnerability
Honeywell ProWatch is Honeywell's integrated solution through its network video recording technology, access management and cloud connectivity ecosystem. A security vulnerability exists in Honeywell ProWatch version 4.5, which originates from a vulnerability contained in the application server's...
Siemens APOGEE Insight Incorrect File Permissions (CVE-2016-3155)
Siemens APOGEE Insight uses weak permissions for the application folder, which allows local users to obtain sensitive information or modify data via unspecified vectors. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
CVE-2020-26894
LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. If the application is using LiveCode's "shell" function, it will attempt to search for "cmd.exe" in the folder of the current...
Mail.ru: Private file read through file attachment
my.com MyMail application for Android could be tricked by malicious local application selected as a file picker by user to copy the file from application folder to insecure location...
CVE-2018-14927
Matera Banco 1.0.0 is vulnerable to path traversal allowing access to system files outside the default application folder via the /contingency/servlet/ServletFileDownload file parameter, related to /contingency/web/receiptQuery/receiptDisplay.jsp...
Jfrog Artifactory < 4.16 - Arbitrary File Upload / Remote Command Execution
Exploit Title: Jfrog Artifactory alert/Vulnerable/" within the file app.html : POST /artifactory/ui/artifact/upload HTTP/1.1 Host: removed User-Agent: removed Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate...
Jfrog Artifactory < 4.16 - Unauthenticated Arbitrary File Upload / Remote Command Execution Vulne
Exploit for linux platform in category web applications Exploit Title: Jfrog Artifactory alert/Vulnerable/" within the file app.html : POST /artifactory/ui/artifact/upload HTTP/1.1 Host: removed User-Agent: removed Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8...
InstantHMI 6.1 - Privilege Escalation
Exploit for windows platform in category local exploits Title: InstantHMI - EoP: User to ADMIN CWE Class: CWE-276: Incorrect Default Permissions Date: 01/06/2016 Vendor: Software Horizons Product: InstantHMI Version: 6.1 Download link: http://www.instanthmi.com/ihmisoftware.htm Tested on: Windows...
IPhone TreasonSMS - HTML Inject & File Include Vulnerability
Title: ====== IPhone TreasonSMS - HTML Inject & File Include Vulnerability Date: ===== 2012-04-23 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=154 VL-ID: ===== 154 Introduction: ============= treasonSMS allows you to send SMS from your desktop computer. It turns your...
Adobe Shockwave Player Detection (Mac OS X SSH Login)
Detects the installed version of Adobe Shockwave Player on Mac OS X. The script logs in via ssh, and searches for adobe products SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Microsoft ASP.NET Application Folder Information Disclosure (MS06-033; CVE-2006-1300)
ASP.NET is a technology that provides a programming model and infrastructure for creating dynamic web applications. ASP.NET is part of the Microsoft .NET Framework. ASP.NET is deployed on the Microsoft Internet Information Server, which treats files with the .aspx extension as ASP.NET files and...
SonicWALL Global VPN Client weak file permissions
Everyone:Full Control permission on application folder...
CVE-2006-5968
MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, installs the MDaemon application folder with insecure permissions Users create files/directories, which allows local users to execute arbitrary code by creating malicious RASAPI32.DLL or MPRAPI.DLL libraries in the MDaemon\APP...