864 matches found

OSV
added 2020/09/22 6:15 p.m. | 4 views

CVE-2020-14022

Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts from a file ("Import Contacts" functionality). It is possible to upload an executable or .bat file that can then be executed with the help of other functionality, e.g. the "Application Starter" module...

8.8 CVSS | 7.3 AI score | 0.01842 EPSS
Exploits: 1 | References: 3

NVD
added 2020/09/03 3:15 p.m. | 25 views

CVE-2019-10679

Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because of weak %PROGRAMFILESX86%\Thomson Reuters\Eikon permissions...

7.8 CVSS | 7.5 AI score | 0.00478 EPSS
Exploits: 3 | References: 5

Cvelist
added 2020/09/03 2:40 p.m. | 25 views

CVE-2019-10679

Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because of weak %PROGRAMFILESX86%\Thomson Reuters\Eikon permissions...

7.5 AI score | 0.00478 EPSS
Exploits: 3 | References: 5

Prion
added 2020/08/31 5:15 p.m. | 10 views

Path traversal

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier when accessing a vulnerable method of SoundUploadServlet which may lead to uploading executable files to non-specified directories...

7.5 CVSS | 9.3 AI score | 0.01659 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2020/08/31 4:15 a.m. | 11 views

CVE-2020-25031

checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file...

7.8 CVSS | 7.6 AI score | 0.00544 EPSS
Exploits: 1 | References: 1

OSV
added 2020/08/31 4:15 a.m. | 7 views

CVE-2020-25031

checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file...

7.8 CVSS | 6.6 AI score
Exploits: 0 | References: 1

CVE
added 2020/08/31 3:43 a.m. | 63 views

CVE-2020-25031

The CVE-2020-25031 issue affects checkinstall 1.6.2. When used to create a package that contains a symlink, it may trigger the creation of a mode 0777 executable file. No other technical details (affected platforms, exact root cause beyond this behavior, exploitation status, or available patches)...

7.8 CVSS | 7.5 AI score | 0.00544 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Debian CVE
added 2020/08/31 3:43 a.m. | 21 views

CVE-2020-25031

checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file...

7.8 CVSS | 7.5 AI score | 0.00544 EPSS
Exploits: 1

OpenVAS
added 2020/08/31 12:0 a.m. | 23 views

Huawei EulerOS: Security Advisory for flatpak (EulerOS-SA-2020-1846)

The remote host is missing an update for the Huawei EulerOS...

8.2 CVSS | 8.4 AI score | 0.00466 EPSS
Exploits: 0 | References: 2

Hacker One
added 2020/08/30 2:33 p.m. | 17 views

Acronis: Local Privilege Escalation via EXE hijacking with Acronis True Image 2021 installer

Vulnerability description not provided...

7.1 AI score
Exploits: 0

Tenable Nessus
added 2020/08/28 12:0 a.m. | 28 views

EulerOS 2.0 SP8 : flatpak (EulerOS-SA-2020-1846)

According to the version of the flatpak packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-si...

8.2 CVSS | 7.5 AI score | 0.00466 EPSS
Exploits: 0 | References: 2

Kitploit
added 2020/08/18 12:30 p.m. | 21 views

Sinter - A User-Mode Application Authorization System For MacOS Written In Swift

Sinter is a 100% user-mode endpoint security agent for macOS 10.15 and above, written in Swift. Sinter uses the user-mode EndpointSecurity API to subscribe to and receive authorization callbacks from the macOS kernel, for a set of security-relevant event types. The current version of Sinter...

6.8 AI score
Exploits: 0 | References: 7

Prion
added 2020/08/03 4:15 p.m. | 19 views

Design/Logic Flaw

radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section...

4.3 CVSS | 5.5 AI score | 0.00976 EPSS
Exploits: 1 | References: 3 | Affected Software: 2

CNVD
added 2020/07/07 12:0 a.m. | 1 views

Command Execution Vulnerability in Media Mate

Media Mate is a media center similar to Plex. Media Mate has a command execution vulnerability that can be exploited by an attacker to execute a malicious exe file...

7.4 AI score
Exploits: 0

CVE
added 2020/06/08 3:58 p.m. | 121 views

CVE-2020-13866

WinGate v9.4.1.5998 is affected by an Insecure Permissions Elevation of Privilege vulnerability: the installation directory grants full control to authenticated users, enabling local attackers to replace an executable with a Trojan horse and escalate privileges (often to SYSTEM) after a restart. ...

7.8 CVSS | 7.6 AI score | 0.01068 EPSS
Exploits: 3 | References: 3 | Affected Software: 1

CNVD
added 2020/06/05 12:0 a.m. | 2 views

Foxit PhantomPDF code issue vulnerability (CNVD-2020-32467)

Foxit PhantomPDF is a PDF document reader from the Chinese company Foxit. A security vulnerability exists in Foxit PhantomPDF versions prior to 8.3.6. The vulnerability can be exploited by an attacker to execute arbitrary applications with the help of an embedded executable file...

9.8 CVSS | 7.2 AI score | 0.01807 EPSS
Exploits: 0 | References: 1

Prion
added 2020/06/04 5:15 p.m. | 22 views

Design/Logic Flaw

An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029...

7.5 CVSS | 9.4 AI score | 0.01807 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2020/05/21 4:25 p.m. | 48 views

CVE-2020-12828

CVE-2020-12828 affects the AnchorFree VPN SDK prior to 1.3.3.218. The vulnerable component is the VPN SDK service, which binds a socket on localhost and uses a provided path to an executable file, leading to execution of that malicious file with SYSTEM privileges. The connected Red Hat and CNVD en...

10 CVSS | 9.3 AI score | 0.03278 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Veracode
added 2020/05/10 11:24 p.m. | 26 views

Command Injection

radare2 is vulnerable to command injection. A command injection vulnerability exists in the function bin_symbols in libr/core/cbin.c. An attacker is able to execute arbitrary shell commands using a malicious executable file due to improper handling of symbol names embedded in executables...

7.8 CVSS | 3.5 AI score | 0.04414 EPSS
Exploits: 2 | References: 9 | Affected Software: 1

Veracode
added 2020/04/20 4:24 a.m. | 5 views

Malicious Package

atlas-client is a malicious package. The package typosquats on the original package atlasclient and executes malicious code in a portable executable hidden in a .png file...

1.8 AI score
Exploits: 0