81 matches found
Guild Wars 2 - Insecure Folder Permissions
Exploit Title: Guild Wars 2 - Insecure Folder Permissions Date: 2020-10-09 Exploit Author: George Tsimpidas Software Link: https://account.arena.net/welcome Version Build: 106915 Tested on: Microsoft Windows 10 Home 10.0.18362 N/A Build 18362 Category: local Vulnerability Description: Guild War...
ActFax Privilege Control Vulnerability
ActFax is fax server software from ActiveFax of Austria. It turns a computer into a virtual fax machine that can send fax and email from Windows and UNIX applications, and it is suitable for networks of all sizes as well as stand-alone use. A security vulnerability exists in ActFax...
CVE-2020-15843
ActFax Version 7.10 Build 0335 2020-05-25 is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client, %PROGRAMFILES%\ActiveFax\Install\ and %PROGRAMFILES%\ActiveFax\Terminal. The folder permissions allow "Full Control" to...
Privilege escalation
ActFax Version 7.10 Build 0335 2020-05-25 is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client, %PROGRAMFILES%\ActiveFax\Install\ and %PROGRAMFILES%\ActiveFax\Terminal. The folder permissions allow "Full Control" to...
Mids Reborn Hero Designer Code Issue Vulnerability
Mids Reborn Hero Designer is a suite of game character design software from Jason Thompson Software Developers. A code issue vulnerability exists in Mids Reborn Hero Designer version 2.6.0.7, which stems from the program failing to assign safe default permissions to the installation path, and can...
Design/Logic Flaw
The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate the downloaded update package. The update process involves downloading the updated binary file from a URL indicated in the update server response, validating it...
Unspecified Vulnerability in Zoom Call Recording
Zoom Call Recording is a scalable session recording management solution from Zoom USA. An unspecified vulnerability exists in Zoom Call Recording. The vulnerability can be exploited to elevate privileges to root by replacing the /opt/callrec/bin/rs binary with a malicious file and leveraging...
CVE-2018-18435
KioWare Server version 4.9.6 and older installs by default to "C:\kiowarecom" with weak folder permissions granting any user full permission "Everyone: F" to the contents of the directory and its sub-folders. In addition, the program installs a service called "KWSService" which runs as...
node-air-sdk remote code execution vulnerability
node-air-sdk is a package for accessing and downloading Adobe AIR SDK binaries. A security vulnerability exists in node-air-sdk that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested binary...
Windows-iedriver Module Command Execution Vulnerability
The windows-iedriver module is a module for installing the latest version of iedriver. A security vulnerability exists in the windows-iedriver module, which is caused by a program downloading a binary file over an unencrypted HTTP connection. An attacker can exploit the vulnerability by...
webdriver-launcher remote code execution vulnerability
webdriver-launcher is a tool that enables you to launch your browser using webdriver. A security vulnerability exists in webdriver-launcher that originates when the program downloads binary resources over the HTTP protocol. A remote attacker can exploit the vulnerability by replacing the requeste...
jstestdriver Remote Code Execution Vulnerability
jstestdriver is a tool for testing and running JavaScript code. A security vulnerability exists in jstestdriver that originates when the program downloads binary resources over the HTTP protocol. A remote attacker can exploit the vulnerability by replacing the requested binary with an...
haxeshim code execution vulnerability
haxeshim is a package for managing multiple versions of Haxe simultaneously. A security vulnerability exists in haxeshim that originates when the program downloads a binary file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the response and...
haxe-dev code execution vulnerability
haxe-dev is a toolkit for building cross-platform tools and frameworks. A security vulnerability exists in haxe-dev that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested binary with an...
install-nw code execution vulnerability
install-nw is a tool for installing and caching NW.js modules. A security vulnerability exists in install-nw versions prior to 1.1.5, which originates when the program downloads binary resources over the HTTP protocol. A remote attacker can exploit the vulnerability by replacing the requested bina...
dalek-browser-chrome-canary code execution vulnerability
dalek-browser-chrome-canary is a plugin for the DalekJS browser for Google Chrome. A security vulnerability exists in dalek-browser-chrome-canary that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the...
Riot Games League of Legends - Insecure File Permissions Privilege Escalation
Exploit for Windows platform in category local exploits. Exploit Title: Riot Games League of Legends Insecure File Permissions Privilege Escalation Date: 03/06/16 Exploit Author: Cyril Vallicari I give credit also...
WEG SuperDrive G2 12.0.0 Insecure File Permissions
WEG SuperDrive G2 v12.0.0 Insecure File Permissions Vendor: WEG Group Product web page: http://www.weg.net Affected version: SuperDrive G2 v12.0.0 Build 20150930-J1.8.060-NB8.0.2 SuperDrive v7.0.0 Summary: SuperDrive is a Windows graph tool for parameter setting, control and monitor of WEG...