PT-2024-24055 · Apache · Apache Streampipes

Name of the Vulnerable Software and Affected Versions: Apache StreamPipes versions through 0.93.0 Description: The issue is related to an Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. This vulnerability may allow the upload of executable files, potentially...

Kiloview P1 and P2 Security Vulnerabilities

Kiloview P1 4G Video Encoder and Kiloview P2 4G Video Encoder are both a professional video encoder device from Kiloview China. A security vulnerability exists in the Kiloview P1 and P2. An attacker could exploit this vulnerability to download source code or executable files from a remote locatio...

Access Bypass

ezsystems/ezplatform is vulnerable to Access Bypass. The vulnerability is due to inadequate rewrite rules for blocking access to executable files in the var directory when using eZ Platform Cloud on Platform.sh...

Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns

Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware. "These campaigns typically involve a recognizable infection chain involving oversized...

CVE-2024-20366

A vulnerability in the Tail-f High Availability Cluster Communications HCC function pack of Cisco Crosswork Network Services Orchestrator NSO could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled searc...

CVE-2024-20366

A vulnerability in the Tail-f High Availability Cluster Communications HCC function pack of Cisco Crosswork Network Services Orchestrator NSO could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled searc...

PT-2024-40140 · Ez Systems · Ez Platform

Name of the Vulnerable Software and Affected Versions: ezplatform versions prior to 1.7.9.1 ezplatform versions prior to 1.13.5.1 ezplatform versions prior to 2.5.4.1 Description: The issue affects eZ Platform setups on the Platform.sh cloud service, where a rewrite rule intended to block access ...

JVN#13113728: "EasyRange" may insecurely load executable files

"EasyRange" provided by sira.jp according to the original report submitted by the reporter is a tool to extract compressed files. "EasyRange" contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides ...

PT-2024-4032 · Unknown · Laborofficefree

Name of the Vulnerable Software and Affected Versions: LaborOfficeFree version 19.10 Description: The issue affects the executable files LOF service.exe and LaborOfficeFree.exe, allowing an attacker to read and extract the username and password from the database. This can lead to unauthorized...

CVE-2022-45793 Executable files writable by low-privileged users in Omron Sysmac Studio

Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user...

Remote code execution

Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because uploadaction and editaction in AdminSmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7,...

CVE-2023-48371

ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service...

Design/Logic Flaw

ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service...

CVE-2023-48371 ITPison OMICARD EDM 's SMS - Arbitrary File Upload

ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service...

Security Vulnerabilities fixed in Firefox 119 — Mozilla

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header...

CVE-2023-27133

TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILESX86%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remot...

CVE-2023-27133

TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILESX86%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remot...

PT-2023-20971 · Tsplus · Tsplus Remote Work

Name of the Vulnerable Software and Affected Versions: TSplus Remote Work version 16.0.0.0 Description: The issue is related to weak permissions for certain file types, including .exe, .js, and .html files, located under the %PROGRAMFILESX86%TSplus-RemoteWorkClientswww folder. This weakness may...

Improper access control

A vulnerability has been identified in SINEC NMS All versions V2.0. The affected application assigns improper access rights to specific folders containing executable files and libraries. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges...

Siemens SINEC NMS 安全漏洞

Siemens SINEC NMS is a network management system NMS from Siemens, Germany, that can be used 24/7 to centrally monitor, manage and configure industrial networks with tens of thousands of devices, including safety-related areas. The Siemens SINEC NMS suffers from an Incorrect Privilege Assignment...