171 matches found
CVE-2023-34641
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print which can then be used to open an unprivileged command prompt...
KioWare 安全漏洞
KioWare is a suite of self-service terminal browser software. The software has the ability to restrict end-user access to certain interfaces. A security vulnerability exists in KioWare 8.33 and earlier versions, which stems from the presence of an incomplete blacklist filter, and can be exploited...
CVE-2023-34641
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print which can then be used to open an unprivileged command prompt...
PT-2023-24963 · Unknown · Kioware For Windows
Name of the Vulnerable Software and Affected Versions: KioWare for Windows versions through 8.33 Description: The issue is related to an incomplete blacklist filter for blocked dialog boxes on Windows 10. Attackers can exploit this by opening a file dialog box via the window.print function, which...
Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks
An unknown threat actor used a malicious self-extracting archive SFX file in an attempt to establish persistent backdoor access to a victim's environment, new findings from CrowdStrike show. SFX files are capable of extracting the data contained within them without the need for dedicated software...
CVE-2022-48222
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full...
Privilege escalation
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full...
CVE-2022-48222
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full...
Acuant AcuFill SDK 代码问题漏洞
Acuant AcuFill SDK is a data capture technology from the American company Acuant. All major data fields can be extracted from documents. A security vulnerability exists in Acuant AcuFill SDK that stems from the Acuant installer calling certutil.exe to install a certificate during SDK installation...
CVE-2023-24579
McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt...
CVE-2023-24579
McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt...
CVE-2023-24579
CVE-2023-24579 concerns McAfee Total Protection prior to 16.0.51. The vulnerability allows a local attacker to trick a user into uninstalling the product via the command prompt. The description does not include specific exploit details, affected components, or remediation steps in the provided do...
CVE-2023-24579
McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt...
McAfee Total Protection 安全漏洞
McAfee Total Protection MTP is a suite of antivirus software from McAfee, Inc. in the United States. A security vulnerability exists in McAfee Total Protection prior to version 16.0.51, which originated from a vulnerability that allows an attacker to trick a victim into uninstalling an applicatio...
K03544414: Running a CTU Diagnostics Report may leave elevated command prompt after report generation
Security Advisory Description This issue occurs when all of the following conditions are met: You run one of the following BIG-IP Edge Client for Windows versions: 7.2.1 or later 7.1.9.7 or later 7.1.8.4 or later You run the Client Troubleshooting Utility CTU Diagnostics Report with administrator...
Privilege Escalation
github.com/aws/amazon-cloudwatch-agent is vulnerable to privilege escalation. The vulnerability exists when a user triggers a repair of the Agent which results in a pop-up window opening with SYSTEM permissions on Windows, allowing an attacker with administrative access to create a new command...
Amazon CloudWatch Agent 安全漏洞
Amazon CloudWatch Agent is a package agent from Amazon.com, Inc. that runs autonomously and continuously on your server. A security vulnerability exists in Amazon CloudWatch Agent version 1.247354 and earlier, which stems from a privilege escalation issue that opens a pop-up window with SYSTEM...
CVE-2022-34102
Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt...
CVE-2022-34102
Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt...
CVE-2022-34102
CVE-2022-34102 affects the Crestron AirMedia Windows Application, v4.3.1.39. The issue is an insufficient access control in the uninstallation flow that allows a user to pause the uninstallation of an executable and obtain a SYSTEM-level command prompt . Concretely, the vulnerability enables priv...