115 matches found
Adaware Protect Security Vulnerability
Adaware Protect is a free antivirus program from Adaware Canada. It is used for online security to protect your entire computer from suspicious websites. A security vulnerability exists in Adaware Protect version v1.2.439.4251 that stems from an insecure privilege configuration that allows an...
PT-2022-20742 · Adaware · Adaware Protect
Name of the Vulnerable Software and Affected Versions: Adaware Protect version 1.2.439.4251 Description: The issue is related to an insecure permissions configuration, which allows attackers to escalate privileges by changing the service binary path. Recommendations: For Adaware Protect version...
Cain & Abel 4.9.56 - Unquoted Service Path Vulnerability
Exploit Title: Cain & Abel 4.9.56 - Unquoted Service Path Exploit Author: Aryan Chehreghani Software Link: https://www.malavida.com/en/soft/cain-and-abel Version: 4.9.56 Tested on: Windows 10 x64 PoC SERVICE_NAME: Abel TYPE : 110 WIN32_OWN_PROCESS (interactive) START_TYPE : 2 AUTO_START ERROR_CONTROL : 1...
CVE-2021-35504
CVE-2021-35504 affects Afian FileRun 2021.03.26 and enables Remote Code Execution (RCE) via the Check Path value used for the ffmpeg binary. The Red Hat and CVE/NVD entries confirm the vulnerability exists in that FileRun release and describe the root cause as improper handling of the ffmpeg bina...
GHSA-M6RW-M2V9-7HX4 OS Command Injection in wifiscanner
wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this functionality to execute arbitrary code...
CVE-2021-21415
Prisma VS Code is a VSCode extension for Prisma schema files. This is a Remote Code Execution Vulnerability that affects all versions of the Prisma VS Code extension older than 2.20.0. If a custom binary path for the Prisma format binary is set in VS Code Settings, for example by downloading a proje...
Remote code execution
Prisma VS Code is a VSCode extension for Prisma schema files. This is a Remote Code Execution Vulnerability that affects all versions of the Prisma VS Code extension older than 2.20.0. If a custom binary path for the Prisma format binary is set in VS Code Settings, for example by downloading a proje...
CVE-2021-21415 Visual Studio Code Prisma Extension Remote Code Execution Vulnerability
Prisma VS Code is a VSCode extension for Prisma schema files. This is a Remote Code Execution Vulnerability that affects all versions of the Prisma VS Code extension older than 2.20.0. If a custom binary path for the Prisma format binary is set in VS Code Settings, for example by downloading a proje...
PT-2021-14490 · Prisma · Prisma Vs Code
Name of the Vulnerable Software and Affected Versions: Prisma VS Code versions prior to 2.20.0 Description: This issue is a Remote Code Execution vulnerability. It affects the Prisma VS Code extension when a custom binary path for the Prisma format binary is set in VS Code Settings, for example,...
Traccar Code Issues Vulnerabilities
Traccar is a Java-based system from the US company Traccar that provides functionality for building GPS tracking systems. The software supports more than 170 GPS protocols and more than 1500 models of GPS tracking devices. Traccar can be used with any major SQL database system. It al...
Code injection
wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this functionality to execute arbitrary code...
Chrome Gather Cookies
Read all cookies from the Default Chrome profile of the target user. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Chrome Gather Cookies', 'Description' = 'Read all cookies from the Default...
CVE-2018-12441
The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARY_PATH_NAME, leading to complete control of the affected system. The issue exists due ...
CVE-2018-7715
PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the...
LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution
LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary:...
LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation
Summary LogicalDOC is a free document management system that is designed to handle and share documents within an organization. LogicalDOC is a content repository, with Lucene indexing, Activiti workflow, and a set of automatic import procedures. Description LogicalDOC suffers from multiple...
CVE-2017-15383
Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploitable via a Trojan horse Nero.exe file in the %PROGRAMFILES(x86)%\Nero directory...
HP Hotkey Support Service 6.2.17.1 Privilege Escalation
Exploit Title: HP Hotkey Support Service - Unquoted Service Path Privilege Escalation Date: date Exploit Author: Owais Mehtab, Tayeeb Rana Vendor Homepage: http://www.hp.com/ Software Link: http://h20564.www2.hp.com/hpsc/swd/public/detail?swItemId=ob1296721 Version: 6.2.17.1 Tested on: Win7 Sp1...
PDF Complete Office Edition 4.1.12 - Unquoted Service Path Privilege Escalation Exploit
Exploit Title : PDFcompletecorporateedition.rb - 'Unquoted Service Path Privilege Escalation' PDF Version : 4.1.12 vuln Discover : Joey Lane Module Author : pedr0 Ubuntu r00t-3xp10it Tested on : Windows 7 Professional Software Link : http://www.pdfcomplete.com/cms/Downloads.aspx "This was tested ...
NO-IP DUC 4.1.1 Privilege Escalation
NO-IP DUC v4.1.1 - Unquoted Service Path Privilege Escalation Vendor Homepage: http://noip.com Date: 14 Oct 2016 Software Link : http://www.noip.com/client/DUCSetupv411.exe Version : 4.1.1...