840 matches found

CNNVD
added 2020/11/18 12:0 a.m. | 1 views

Lemocms Code Issues Vulnerabilities

Lemocms is a backend administration site builder developed by Lemocms Community based on ThinkPHP. A security vulnerability exists in lemocms version 1.8.x. The vulnerability stems from allowing users to upload executable files in appadmincontrollersysUploads.php...

7.5 CVSS | 7.1 AI score | 0.00282 EPSS
Exploits 1 | References 2
CVE
added 2020/10/30 1:50 p.m. | 41 views

CVE-2020-4588

IBM i2 iBase 8.9.13 is vulnerable to unrestricted file upload, allowing uploaded executables to be run, potentially causing code execution on a victim. IBM’s Security Bulletin confirms the fix in iBase 9 and advises upgrading to a version that includes the fix. Affected product/version: IBM i2 iB...

7.8 CVSS | 7.5 AI score | 0.00366 EPSS
Exploits 0 | References 2 | Affected Software 1
OSV
added 2020/10/06 6:15 p.m. | 0 views

CVE-2020-24807

The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported...

7.8 CVSS | 6.1 AI score
Exploits 0 | References 4
Cvelist
added 2020/10/06 5:10 p.m. | 12 views

CVE-2020-24807

The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported...

8 AI score | 0.00654 EPSS
Exploits 0 | References 4
OSV
added 2020/09/22 6:15 p.m. | 0 views

CVE-2020-14022

Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts from a file (the "Import Contacts" functionality). It is possible to upload an executable or .bat file that can be executed with the help of a functionality, e.g. the "Application Starter" module...

8.8 CVSS | 7.3 AI score | 0.00794 EPSS
Exploits 1 | References 3
NVD
added 2020/09/03 3:15 p.m. | 8 views

CVE-2019-10679

Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because of weak %PROGRAMFILES(X86)%\Thomson Reuters\Eikon permissions...

7.8 CVSS | 7.5 AI score | 0.00148 EPSS
Exploits 3 | References 5
Cvelist
added 2020/09/03 2:40 p.m. | 9 views

CVE-2019-10679

Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because of weak %PROGRAMFILES(X86)%\Thomson Reuters\Eikon permissions...

7.5 AI score | 0.00148 EPSS
Exploits 3 | References 5
Prion
added 2020/08/31 5:15 p.m. | 9 views

Path traversal

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier when accessing a vulnerable method of SoundUploadServlet, which may lead to uploading executable files to non-specified directories...

7.5 CVSS | 9.3 AI score | 0.00733 EPSS
Exploits 0 | References 1 | Affected Software 1
OSV
added 2020/08/31 4:15 a.m. | 4 views

CVE-2020-25031

checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file...

7.8 CVSS | 6.6 AI score
Exploits 0 | References 1
NVD
added 2020/08/31 4:15 a.m. | 9 views

CVE-2020-25031

checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file...

7.8 CVSS | 7.6 AI score | 0.00041 EPSS
Exploits 1 | References 1
CVE
added 2020/08/31 3:43 a.m. | 57 views

CVE-2020-25031

The CVE-2020-25031 issue affects checkinstall 1.6.2. When used to create a package that contains a symlink, it may trigger the creation of a mode 0777 executable file. No other technical details (affected platforms, exact root cause beyond this behavior, exploitation status, or available patches)...

7.8 CVSS | 7.5 AI score | 0.00041 EPSS
Exploits 1 | References 1 | Affected Software 1
Debian CVE
added 2020/08/31 3:43 a.m. | 20 views

CVE-2020-25031

checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file...

7.8 CVSS | 7.5 AI score | 0.00041 EPSS
Exploits 1
OpenVAS
added 2020/08/31 12:0 a.m. | 23 views

Huawei EulerOS: Security Advisory for flatpak (EulerOS-SA-2020-1846)

The remote host is missing an update for the Huawei EulerOS...

8.2 CVSS | 8.4 AI score | 0.00064 EPSS
Exploits 0 | References 2
Hacker One
added 2020/08/30 2:33 p.m. | 12 views

Acronis: Local Privilege Escalation via EXE hijacking with Acronis True Image 2021 installer

Vulnerability description not provided...

7.1 AI score
Exploits 0
Tenable Nessus
added 2020/08/28 12:0 a.m. | 26 views

EulerOS 2.0 SP8 : flatpak (EulerOS-SA-2020-1846)

According to the version of the flatpak packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-si...

8.2 CVSS | 7.5 AI score | 0.00064 EPSS
Exploits 0 | References 2
Kitploit
added 2020/08/18 12:30 p.m. | 18 views

Sinter - A User-Mode Application Authorization System For MacOS Written In Swift

Sinter is a 100% user-mode endpoint security agent for macOS 10.15 and above, written in Swift. Sinter uses the user-mode EndpointSecurity API to subscribe to and receive authorization callbacks from the macOS kernel, for a set of security-relevant event types. The current version of Sinter...

6.8 AI score
Exploits 0 | References 7
Prion
added 2020/08/03 4:15 p.m. | 18 views

Design/Logic Flaw

radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section...

4.3 CVSS | 5.5 AI score | 0.00343 EPSS
Exploits 1 | References 3 | Affected Software 2
CNVD
added 2020/07/07 12:0 a.m. | 1 views

Command Execution Vulnerability in Media Mate

Media Mate is a media center similar to Plex. Media Mate has a command execution vulnerability that can be exploited by an attacker to execute a malicious exe file...

7.4 AI score
Exploits 0
CVE
added 2020/06/08 3:58 p.m. | 114 views

CVE-2020-13866

WinGate v9.4.1.5998 is affected by an Insecure Permissions Elevation of Privilege vulnerability: the installation directory grants full control to authenticated users, enabling local attackers to replace an executable with a Trojan horse and escalate privileges (often to SYSTEM) after a restart. ...

7.8 CVSS | 7.6 AI score | 0.00256 EPSS
Exploits 3 | References 3 | Affected Software 1
CNVD
added 2020/06/05 12:0 a.m. | 1 views

Foxit PhantomPDF code issue vulnerability (CNVD-2020-32467)

Foxit PhantomPDF is a PDF document reader from the Chinese company Foxit. A security vulnerability exists in Foxit PhantomPDF versions prior to 8.3.6. The vulnerability can be exploited by an attacker to execute arbitrary applications with the help of an embedded executable file...

9.8 CVSS | 7.2 AI score | 0.0005 EPSS
Exploits 0 | References 1