
12 matches found

NVD
added 2024/05/16 7:15 p.m., 18 views

CVE-2024-31226

Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacker placed a file named C:\Program.exe, C:\Program.bat, or C:\Program.cmd on the user's computer. This...

CVSS 4.9, AI score 5.1, EPSS 0.00097
Exploits: 0, References: 3
OSV
added 2024/05/16 6:12 p.m., 17 views

CVE-2024-31226 Sunshine's unquoted executable path could lead to hijacked execution flow

Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacker placed a file named C:\Program.exe, C:\Program.bat, or C:\Program.cmd on the user's computer. This...

CVSS 4.9, AI score 6.8, EPSS 0.00097
Exploits: 0, References: 5
CVE
added 2024/05/16 6:12 p.m., 58 views

CVE-2024-31226

Sunshine (Moonlight’s self-hosted game stream host) for Windows is affected in versions 0.17.0–0.22.2 when running as a service. An attacker could place a file named C:\Program.exe, C:\Program.bat, or C:\Program.cmd on the target machine and trigger hijacked execution flow during service terminat...

CVSS 4.9, AI score 5.2, EPSS 0.00097
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2024/05/16 6:12 p.m., 24 views

CVE-2024-31226 Sunshine's unquoted executable path could lead to hijacked execution flow

Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacker placed a file named C:\Program.exe, C:\Program.bat, or C:\Program.cmd on the user's computer. This...

CVSS 4.9, AI score 5.4, EPSS 0.00097
Exploits: 0, References: 3
Prion
added 2022/08/19 11:15 p.m., 22 views

Improper access control

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists...

CVSS 5, AI score 7.4, EPSS 0.00107
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2022/04/04 4:15 p.m., 13 views

Design/Logic Flaw

The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajaxsave" function. The file is written relative to the current theme's stylesheet directory, and a .php...

CVSS 6.5, AI score 7, EPSS 0.00875
Exploits: 2, References: 1, Affected Software: 1
OSV
added 2022/03/30 3:47 p.m., 0 views

USN-5356-1 dosbox vulnerabilities

Alexandre Bartel discovered that DOSBox incorrectly handled long lines in certain files. An attacker could possibly use this issue to execute arbitrary code. CVE-2019-7165 Alexandre Bartel discovered that DOSBox incorrectly performed access control over certain directories. An attacker could...

CVSS 9.8, AI score 6, EPSS 0.26967
Exploits: 1, References: 3
OSV
added 2020/02/20 4:15 p.m., 2 views

CVE-2019-19741

Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary directory DACL manipulation, a different issue than CVE-2019-19247 and CVE-2019-19248. When Origin.exe connects to the named pipe OriginClientService, the privileged service verifies the client's...

CVSS 7.8, AI score 7.2, EPSS 0.00064
Exploits: 0, References: 1
Prion
added 2019/09/24 3:15 p.m., 10 views

Design/Logic Flaw

In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the executable...

CVSS 4.6, AI score 7.7, EPSS 0.00044
Exploits: 1, References: 2, Affected Software: 1
Prion
added 2019/09/24 3:15 p.m., 15 views

Design/Logic Flaw

In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUpdate2\ used by AMRT.exe allows local attackers to hijack bdcore.dll, which leads to privilege escalation when the AMRT service loads the DLL...

CVSS 4.6, AI score 7.7, EPSS 0.00044
Exploits: 1, References: 2, Affected Software: 1
Packet Storm
added 2019/04/10 12:0 a.m., 56 views

YiiCMS JetBrains PHPStorm 6.0.3 Database Disclosure

Exploit Title : YiiCMS JetBrains PHPStorm 6.0.3 Database Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 10/04/2019 Vendor Homepage : jetbrains.com - yiiframework.com Software Download Link : github.com/johannesMatevosyan/yii-cms/archive/master.zip...

AI score 7.4
Exploits: 0
CVE
added 2006/01/22 8:0 p.m., 48 views

CVE-2006-0370

RCBlog 1.03 is affected by CVE-2006-0370 due to insufficient access control that allows remote attackers to view account names and MD5 password hashes by accessing data and config directories under the web root. OpenVAS/Nessus entries corroborate a related directory traversal/vector in RCBlog’s P...

CVSS 5, AI score 6.7, EPSS 0.00675
Exploits: 1, References: 7, Affected Software: 1