
840 matches found

OSV
added 2023/02/02 12:15 p.m. | 2 views

CVE-2020-24307

An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third parties were unable to reproduce any scenario in which the claimed access of BUILTIN\Users:M is present...

7.8 CVSS | 6.9 AI score
Exploits: 0 | References: 3
Prion
added 2023/02/02 12:15 p.m. | 16 views

Design/Logic Flaw

An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third parties were unable to reproduce any scenario in which the claimed access of BUILTIN\Users:M is present...

4.3 CVSS | 7.6 AI score | 0.00139 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
CNNVD
added 2023/02/02 12:00 a.m. | 1 views

ESTsoft Alyac Security Vulnerability

ESTsoft Alyac is a low-priced comprehensive security software from the Korean company ESTsoft. A security vulnerability exists in ESTsoft Alyac version 2.5.8.645, which originates from a denial-of-service vulnerability in the malware scanning function, which can be exploited by an attacker to sen...

5.5 CVSS | 5.5 AI score | 0.00131 EPSS
Exploits: 1 | References: 3
CVE
added 2023/02/02 12:00 a.m. | 175 views

CVE-2020-24307

CVE-2020-24307 affects mRemoteNG v1.76.20. The issue is an improper access control vulnerability that allows privilege escalation through a crafted executable file. The Packet Storm advisory confirms vulnerable version 1.76.20 and lists a fixed version: 1.76.20.24615. Exploitation notes in the pu...

7.8 CVSS | 7.6 AI score | 0.00139 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2023/01/16 9:52 a.m. | 6 views

CVE-2022-4258 Hima: Unquoted path vulnerabilities in HIMA PC based Software

In multiple versions of HIMA PC based Software an unquoted Windows search path vulnerability might allow local users to gain privileges via a malicious .exe file and gain full access to the system...

7.8 CVSS | 7.9 AI score | 0.00065 EPSS
Exploits: 0 | References: 1
Cvelist
added 2022/12/22 12:00 a.m. | 21 views

CVE-2022-46875

The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 108, Firefox ESR 102.6, and...

7.4 AI score | 0.00396 EPSS
Exploits: 0 | References: 6
Debian CVE
added 2022/12/22 12:00 a.m. | 24 views

CVE-2022-46875

The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 108, Firefox ESR 102.6, and...

6.5 CVSS | 8 AI score | 0.00396 EPSS
Exploits: 0
Vulnrichment
added 2022/12/22 12:00 a.m. | 7 views

CVE-2022-46875

The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 108, Firefox ESR 102.6, and...

6.6 AI score | 0.00396 EPSS
Exploits: 0 | References: 6
RedhatCVE
added 2022/12/14 4:05 p.m. | 48 views

CVE-2022-46875

The Mozilla Foundation Security Advisory describes this flaw as: The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected...

6.1 CVSS | 2.7 AI score | 0.00396 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2022/12/14 12:00 a.m. | 52 views

Slackware Linux 15.0 mozilla-firefox Multiple Vulnerabilities (SSA:2022-348-01)

The version of mozilla-firefox installed on the remote host is prior to 102.6.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-348-01 advisory. - An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary file...

9.8 CVSS | 8.2 AI score | 0.00431 EPSS
Exploits: 0 | References: 7
Tenable Nessus
added 2022/12/13 12:00 a.m. | 45 views

Mozilla Firefox ESR < 102.6

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 102.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-52 advisory. - A use-after-free in WebGL extensions could have led to a potentially exploitable crash. CVE-2022-46882 -...

9.8 CVSS | 8.1 AI score | 0.00431 EPSS
Exploits: 0 | References: 8
Mozilla
added 2022/12/13 12:00 a.m. | 188 views

Security Vulnerabilities fixed in Thunderbird 102.6 — Mozilla

A missing check related to tex units could have led to a use-after-free and potentially exploitable crash. An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. This bug only affects Thunderbird for Linux...

9.8 CVSS | 1.3 AI score | 0.00431 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
Tenable Nessus
added 2022/12/13 12:00 a.m. | 48 views

Mozilla Firefox < 108.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 108.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-51 advisory. - Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla...

8.8 CVSS | 8.4 AI score | 0.00902 EPSS
Exploits: 0 | References: 9
CNNVD
added 2022/11/16 12:00 a.m. | 2 views

BACKCLICK Path Traversal Vulnerability

BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional version 5.9.63 that stems from improper validation or cleanup of uploaded filenames, where an...

9.8 CVSS | 8.2 AI score | 0.05706 EPSS
Exploits: 1 | References: 4
Positive Technologies
added 2022/10/07 12:00 a.m. | 4 views

PT-2022-25146 · Panini · Panini Everest Engine

Name of the Vulnerable Software and Affected Versions: Panini Everest Engine version 2.0.4 Description: The issue allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%Panini folder, leading to privilege escalation. A service running as SYSTEM uses the unquoted path of...

7.8 CVSS | 7.6 AI score | 0.005 EPSS
Exploits: 0 | References: 4
OSV
added 2022/09/27 11:15 p.m. | 0 views

CVE-2022-38932

readelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsing a crafted ELF file...

7.8 CVSS | 5.8 AI score | 0.00049 EPSS
Exploits: 1 | References: 1
Packet Storm
added 2022/09/26 12:00 a.m. | 257 views

Backdoor.Win32.Augudor.b MVID-2022-0644 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/94ccd337cbdd4efbbcc0a6c888abb87d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Augudor.b Vulnerability: Remote File Write Code Execution Description: The...

7.4 AI score
Exploits: 0
Metasploit
added 2022/08/29 6:02 p.m. | 202 views

ManageEngine ADAudit Plus CVE-2022-28219

This module exploits CVE-2022-28219, which is a pair of vulnerabilities in ManageEngine ADAudit Plus versions before build 7060: a path traversal in the /cewolf endpoint, and a blind XXE in, to upload and execute an executable file. Module Options msf use...

9.8 CVSS | 7.3 AI score | 0.94202 EPSS
Exploits: 6
NVD
added 2022/07/17 10:15 p.m. | 16 views

CVE-2022-26352

An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous...

9.8 CVSS | 0.94309 EPSS
Exploits: 4 | References: 3
CVE
added 2022/07/15 7:05 p.m. | 1441 views

CVE-2021-34986

Parallels Desktop 16.5.0 (49183) contains a local privilege escalation in the Parallels Service. By creating a symbolic link, an attacker who can run low-privileged code can abuse the service to execute a file, escalating to root and executing arbitrary code. This has been disclosed as ZDI-22-385...

7.8 CVSS | 7.8 AI score | 0.00071 EPSS
Exploits: 0 | References: 2 | Affected Software: 1