CVE-2024-57394

The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0 allows user to restore a malicious file to an arbitrary file path. Attackers can write malicious DLL to system path and perform privilege escalation by leveraging Windows DLL hijacking vulnerabilities...

CVE-2024-57394

The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0 allows user to restore a malicious file to an arbitrary file path. Attackers can write malicious DLL to system path and perform privilege escalation by leveraging Windows DLL hijacking vulnerabilities...

HCL Technologies HCL BigFix Platform Cross-Site Scripting Vulnerability

HCL Technologies HCL BigFix Platform is a suite of endpoint security management platforms from HCL Technologies, USA. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in HCL BigFix Platform due to a missing specific...

HCL BigFix Platform Console 安全漏洞

HCL BigFix Platform is an endpoint security management platform. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in the HCL BigFix Platform Console. An attacker exploited the vulnerability to perform elevation of...

HCL BigFix Platform 安全漏洞

HCL Technologies HCL BigFix Platform is a suite of endpoint security management platform from HCL Technologies, India. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in HCL BigFix Platform that stems from a cookie...

HCL BigFix Platform 加密问题漏洞

HCL Technologies HCL BigFix Platform is a suite of endpoint security management platform from HCL Technologies, India. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in HCL Technologies HCL BigFix Platform. An...

Unspecified Vulnerability in HCL BigFix Inventory

HCL BigFix Platform is a suite of endpoint security management platform from HCL India. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in HCL BigFix Inventory v10.0.2 onwards, which stems from not disabling the...

Weak Password Vulnerability in FireWool Endpoint Security Management System

FireFleece Endpoint Security Management System is an enterprise version of computer security protection software. The FireWool Endpoint Security Management System has a weak password vulnerability that can be exploited by attackers to obtain sensitive information...

CVE-2007-5665

STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management ESM 3.5, and other ESM versions before 3.5.0.82, dynamically creates scripts in a world-writable directory when generating diagnostic reports, which allows local users to gain privileges, as demonstrated by creating a cmd.exe...

Directory traversal

STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management ESM 3.5, and other ESM versions before 3.5.0.82, dynamically creates scripts in a world-writable directory when generating diagnostic reports, which allows local users to gain privileges, as demonstrated by creating a cmd.exe...

CVE-2007-5665

The CVE-2007-5665 issue affects Novell ZENworks Endpoint Security Management (ESM) STEngine.exe (version around 3.5.0.20) where diagnostic report generation uses scripts in a world-writable directory. The service runs as SYSTEM and will execute a command shell found in that directory; if a local ...

Novell ZENworks ESM客户端STEngine.exe本地权限提升漏洞

BUGTRAQ ID: 27146 CVECAN ID: CVE-2007-5665 Novell ZENworks Endpoint Security Management（ESM）的安全客户端允许集中管理防火墙保护策略。 ESM在处理命令的执行时存在漏洞，本地攻击者可能利用此漏洞提升自己的权限。 当在工作站上安装ZENworks ESM的安全客户端时，就会将STEngine服务设置为在本地SYSTEM帐号下运行。以下可执行程序中实现这个服务： 文件名：STEngine.exe（1,847,296字节） 版本：3.5.0.20...