Lucene search
+L

171 matches found

Cvelist
Cvelist
added 2023/06/19 12:0 a.m.34 views

CVE-2023-34641

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print which can then be used to open an unprivileged command prompt...

8AI score0.00233EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/19 12:0 a.m.8 views

KioWare 安全漏洞

KioWare is a suite of self-service terminal browser software. The software has the ability to restrict end-user access to certain interfaces. A security vulnerability exists in KioWare 8.33 and earlier versions, which stems from the presence of an incomplete blacklist filter, and can be exploited...

7.8CVSS7.3AI score0.00335EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/06/19 12:0 a.m.8 views

CVE-2023-34641

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print which can then be used to open an unprivileged command prompt...

7.5AI score0.00233EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/06/19 12:0 a.m.7 views

PT-2023-24963 · Unknown · Kioware For Windows

Name of the Vulnerable Software and Affected Versions: KioWare for Windows versions through 8.33 Description: The issue is related to an incomplete blacklist filter for blocked dialog boxes on Windows 10. Attackers can exploit this by opening a file dialog box via the window.print function, which...

7.8CVSS7.4AI score0.00233EPSS
Exploits0References8
The Hacker News
The Hacker News
added 2023/04/05 12:36 p.m.33 views

Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks

An unknown threat actor used a malicious self-extracting archive SFX file in an attempt to establish persistent backdoor access to a victim's environment, new findings from CrowdStrike show. SFX files are capable of extracting the data contained within them without the need for dedicated software...

7.5AI score
Exploits0
NVD
NVD
added 2023/04/04 4:15 p.m.30 views

CVE-2022-48222

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full...

7.8CVSS7.9AI score0.00135EPSS
Exploits0References2
Prion
Prion
added 2023/04/04 4:15 p.m.18 views

Privilege escalation

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full...

4.3CVSS7.9AI score0.00135EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/04/04 12:0 a.m.33 views

CVE-2022-48222

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full...

8.1AI score0.00135EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/04 12:0 a.m.6 views

Acuant AcuFill SDK 代码问题漏洞

Acuant AcuFill SDK is a data capture technology from the American company Acuant. All major data fields can be extracted from documents. A security vulnerability exists in Acuant AcuFill SDK that stems from the Acuant installer calling certutil.exe to install a certificate during SDK installation...

7.8CVSS7.3AI score0.00135EPSS
Exploits0References3
NVD
NVD
added 2023/03/13 1:15 p.m.28 views

CVE-2023-24579

McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt...

7.8CVSS5.5AI score0.00244EPSS
Exploits0References2
OSV
OSV
added 2023/03/13 1:15 p.m.2 views

CVE-2023-24579

McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt...

5.5CVSS6.1AI score0.00244EPSS
Exploits0References2
CVE
CVE
added 2023/03/13 12:0 a.m.63 views

CVE-2023-24579

CVE-2023-24579 concerns McAfee Total Protection prior to 16.0.51. The vulnerability allows a local attacker to trick a user into uninstalling the product via the command prompt. The description does not include specific exploit details, affected components, or remediation steps in the provided do...

7.8CVSS5.5AI score0.00244EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/13 12:0 a.m.7 views

CVE-2023-24579

McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt...

5.5AI score0.00244EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/13 12:0 a.m.6 views

McAfee Total Protection 安全漏洞

McAfee Total Protection MTP is a suite of antivirus software from McAfee, Inc. in the United States. A security vulnerability exists in McAfee Total Protection prior to version 16.0.51, which originated from a vulnerability that allows an attacker to trick a victim into uninstalling an applicatio...

7.8CVSS5.8AI score0.00244EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2023/02/21 6:12 p.m.12 views

K03544414: Running a CTU Diagnostics Report may leave elevated command prompt after report generation

Security Advisory Description This issue occurs when all of the following conditions are met: You run one of the following BIG-IP Edge Client for Windows versions: 7.2.1 or later 7.1.9.7 or later 7.1.8.4 or later You run the Client Troubleshooting Utility CTU Diagnostics Report with administrator...

6.7AI score
Exploits0
Veracode
Veracode
added 2022/12/13 3:44 a.m.22 views

Privilege Escalation

github.com/aws/amazon-cloudwatch-agent is vulnerable to privilege escalation. The vulnerability exists when a user triggers a repair of the Agent which results in a pop-up window opening with SYSTEM permissions on Windows, allowing an attacker with administrative access to create a new command...

7.1CVSS6.5AI score0.00482EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2022/12/12 12:0 a.m.4 views

Amazon CloudWatch Agent 安全漏洞

Amazon CloudWatch Agent is a package agent from Amazon.com, Inc. that runs autonomously and continuously on your server. A security vulnerability exists in Amazon CloudWatch Agent version 1.247354 and earlier, which stems from a privilege escalation issue that opens a pop-up window with SYSTEM...

7.1CVSS6.8AI score0.00482EPSS
Exploits0References3
NVD
NVD
added 2022/09/13 10:15 p.m.19 views

CVE-2022-34102

Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt...

8.8CVSS0.00915EPSS
Exploits0References2
OSV
OSV
added 2022/09/13 10:15 p.m.7 views

CVE-2022-34102

Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt...

8.8CVSS5.8AI score0.00915EPSS
Exploits0References2
CVE
CVE
added 2022/09/13 9:42 p.m.47 views

CVE-2022-34102

CVE-2022-34102 affects the Crestron AirMedia Windows Application, v4.3.1.39. The issue is an insufficient access control in the uninstallation flow that allows a user to pause the uninstallation of an executable and obtain a SYSTEM-level command prompt . Concretely, the vulnerability enables priv...

8.8CVSS8.8AI score0.00915EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder