39 matches found
EUVD-2016-10821
Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssmx64.exe binary in the...
EUVD-2006-3518
Malware in sbrugna...
EUVD-2019-9489
Malware in sbrugna...
EUVD-2022-25332
Malicious code in bioql PyPI...
CVE-2022-20072
In search engine service, there is a possible way to change the default search engine due to an incorrect comparison. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06219118; Issue ID:...
CVE-2019-19896
In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak permissions on the Engine Service share. The default file permissions of the IXP$ share on the server allows modification of directories and files e.g., bat-scripts, which allows execution of code in the context of NT...
CVE-2022-45798
A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain...
CVE-2022-20072
In search engine service, there is a possible way to change the default search engine due to an incorrect comparison. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06219118; Issue ID:...
CVE-2022-20072
In search engine service, there is a possible way to change the default search engine due to an incorrect comparison. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06219118; Issue ID:...
CVE-2022-20072
CVE-2022-20072 affects MediaTek devices via a flaw in the search engine service that allows changing the default search engine due to an incorrect comparison, enabling local privilege escalation to System. Exploitation status is not detailed in the provided documents; user interaction is not requ...
多款 MediaTek 产品安全漏洞
MediaTek chips are a variety of chips from MediaTek, a division of China's MediaTek Mediatek. A security vulnerability exists in a number of MediaTek products that stems from a search engine service that may change the default search engine...
Microsoft Windows Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows Block Level Backup Engine Service wbengine that allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application tha...
KB4556853: Windows 8.1 and Windows Server 2012 R2 May 2020 Security Update
The remote Windows host is missing security update 4556853 or cumulative update 4556846. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests. An attacker who successfully exploited thi...
KB4556843: Windows 7 and Windows Server 2008 R2 May 2020 Security Update
The remote Windows host is missing security update 4556843 or cumulative update 4556836. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests. An attacker who successfully exploited thi...
KB4556813: Windows 10 Version 1607 and Windows Server 2016 May 2020 Security Update
The remote Windows host is missing security update 4556813. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a...
CVE-2019-19896
In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak permissions on the Engine Service share. The default file permissions of the IXP$ share on the server allows modification of directories and files e.g., bat-scripts, which allows execution of code in the context of NT...
CVE-2019-19896
In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak permissions on the Engine Service share. The default file permissions of the IXP$ share on the server allows modification of directories and files e.g., bat-scripts, which allows execution of code in the context of NT...
CVE-2019-19893
In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights of NT AUTHORITY\SYSTEM...
Directory traversal
In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights of NT AUTHORITY\SYSTEM...
Design/Logic Flaw
In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak permissions on the Engine Service share. The default file permissions of the IXP$ share on the server allows modification of directories and files e.g., bat-scripts, which allows execution of code in the context of NT...