
2027 matches found

Packet Storm
added 2019/06/13 12:0 a.m. | 174 views

Pronestor Health Monitoring Privilege Escalation

Summary The Pronestor service "PNHM" aka Health Monitoring or HealthMonitor before 8.1.12.0 has "BUILTIN\Users:IF" permissions for the "%PROGRAMFILESX86%\proNestor\Outlook add-in for Pronestor\PronestorHealthMonitor.exe" file, which allows local users to gain privileges via a Trojan horse...

CVSS 4.4 | AI score 0.5 | EPSS 0.00848
Exploits: 3

Rhino Security Labs
added 2019/06/10 5:6 p.m. | 73 views

S3 Ransomware Part 1: Attack Vector

The post S3 Ransomware Part 1: Attack Vector appeared first on Rhino Security Labs...

AI score 7.1
Exploits: 0

CNVD
added 2019/06/03 12:0 a.m. | 2 views

Smart Bluetooth door locks are vulnerable to logic flaws

Beijing Xiyou Information Technology Co., Ltd. is a company that provides online operation and management platform and offline intelligent service solutions for spaces, parks and commercial buildings. A logic flaw vulnerability exists in smart Bluetooth door locks, which can be exploited by...

AI score 6.9
Exploits: 0

Positive Technologies
added 2019/05/31 12:0 a.m. | 2 views

PT-2019-11722 · Jenkins · Jenkins Artifactory Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Artifactory Plugin versions 3.2.2 and earlier Description: A cross-site request forgery issue allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturin...

CVSS 6.5 | AI score 4.3 | EPSS 0.00883
Exploits: 0 | References: 10

UbuntuCve
added 2019/05/23 3:29 p.m. | 23 views

CVE-2017-15652

Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga imagemagick used that. The attack vector is: Someone must open a postscript file though...

CVSS 5.5 | AI score 6.1 | EPSS 0.01297
Exploits: 1 | References: 4

Cvelist
added 2019/05/23 2:55 p.m. | 17 views

CVE-2017-15652

Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga imagemagick used that. The attack vector is: Someone must open a postscript file though...

AI score 5.6 | EPSS 0.01297
Exploits: 1 | References: 3

Prion
added 2019/05/20 1:29 p.m. | 9 views

Cross site scripting

An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector...

CVSS 4.3 | AI score 5.9 | EPSS 0.00793
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2019/05/20 12:0 a.m. | 4 views

Fortinet FortiClient Code Execution Vulnerability

Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exists in Fortinet FortiClient...

CVSS 9.3 | AI score 7.2 | EPSS 0.02613
Exploits: 0 | References: 1

Prion
added 2019/05/15 6:29 p.m. | 22 views

Memory corruption

nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow. The impact is: Memory corruption leading to at least DoS. More severe impact vectors need more investigation. The component is: it's part of a svg processing library. function...

CVSS 4.3 | AI score 6.5 | EPSS 0.01771
Exploits: 1 | References: 3

NVD
added 2019/05/15 6:29 p.m. | 21 views

CVE-2019-1010258

nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow. The impact is: Memory corruption leading to at least DoS. More severe impact vectors need more investigation. The component is: it's part of a svg processing library. function...

CVSS 6.5 | AI score 6.5 | EPSS 0.01771
Exploits: 1 | References: 3

Cvelist
added 2019/05/15 5:24 p.m. | 21 views

CVE-2019-1010258

nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow. The impact is: Memory corruption leading to at least DoS. More severe impact vectors need more investigation. The component is: it's part of a svg processing library. function...

AI score 6.5 | EPSS 0.01771
Exploits: 1 | References: 3

Cloud Foundry
added 2019/05/14 12:0 a.m. | 67 views

CVE-2019-3787: UAA defaults email address to an insecure domain | Cloud Foundry

Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions UAA Release OSS All versions prior to v73.0.0 Description Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user’s email address when one is not provided and the user...

CVSS 8.8 | AI score 8.8 | EPSS 0.01102
Exploits: 0

Cent OS
added 2019/05/13 3:9 p.m. | 207 views

ghostscript security update

CentOS Errata and Security Advisory CESA-2019:1017 An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVSS 7.8 | AI score 7.1 | EPSS 0.43901
Exploits: 2 | References: 7

Prion
added 2019/05/10 8:29 p.m. | 17 views

Design/Logic Flaw

Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...

CVSS 5 | AI score 7.1 | EPSS 0.00703
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2019/05/10 3:29 p.m. | 18 views

Cross site request forgery (csrf)

Metinfo 5.3.18 is affected by: Cross Site Request Forgery CSRF. The impact is: Information Disclosure remote. The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state...

CVSS 6.8 | AI score 8.5 | EPSS 0.00661
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2019/05/10 3:29 p.m. | 19 views

CVE-2017-12789

Metinfo 5.3.18 is affected by: Cross Site Request Forgery CSRF. The impact is: Information Disclosure remote. The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state...

CVSS 8.8 | AI score 8.6 | EPSS 0.00661
Exploits: 1 | References: 1

Cvelist
added 2019/05/10 2:2 p.m. | 22 views

CVE-2017-12789

Metinfo 5.3.18 is affected by: Cross Site Request Forgery CSRF. The impact is: Information Disclosure remote. The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state...

AI score 8.6 | EPSS 0.00661
Exploits: 1 | References: 1

Prion
added 2019/05/09 6:29 p.m. | 10 views

Sql injection

http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download remote. The component is: $file = $_GET['id'] in download.php. The attack vector is:...

CVSS 5 | AI score 7.8 | EPSS 0.02533
Exploits: 1 | References: 4 | Affected Software: 1

Prion
added 2019/05/09 5:29 p.m. | 15 views

Cross site request forgery (csrf)

Metinfo 5.3.18 is affected by: Cross Site Request Forgery CSRF. The impact is: Information Disclosure remote. The component is: admin/index.php. The attack vector is: The administrator clicks on the malicious link in the login state...

CVSS 4.3 | AI score 6.4 | EPSS 0.00678
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2019/05/09 5:6 p.m. | 28 views

CVE-2017-12761

http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download remote. The component is: $file = $_GET['id'] in download.php. The attack vector is:...

AI score 7.8 | EPSS 0.02533
Exploits: 1 | References: 4