
611 matches found

CVE
added 2023/03/24 12:0 a.m. · 64 views

CVE-2023-28818

CVE-2023-28818 affects Veritas NetBackup IT Analytics 11.x prior to 11.2.0. The upgrade process permits unsigned files, enabling an attacker to install rogue Collector executables (aptare.jar or upgrademanager.zip) on the Portal server, which could be downloaded and installed on collectors, compro...

CVSS 5.3 · AI score 5.2 · EPSS 0.00055
Exploits 0 · References 1 · Affected Software 2
Kitploit
added 2023/03/14 11:30 a.m. · 40 views

CertVerify - A Scanner That Files With Compromised Or Untrusted Code Signing Certificates

CertVerify is a tool designed to detect executable files (exe, dll, sys) that have been signed with untrusted or leaked code signing certificates. The purpose of this tool is to identify potentially malicious files that have been signed using certificates that have been compromised, stolen, or...

AI score 7.2
Exploits 0 · References 3
CNNVD
added 2023/03/13 12:0 a.m. · 2 views

Wondershare Dr.Fone Security Vulnerability

Wondershare Dr.Fone is a mobile device toolkit from Wondershare Technology of China. The software provides application, data transfer, contact, message and other auxiliary functions for the device. A security vulnerability exists in Wondershare Dr.Fone v12.9.6. An attacker...

CVSS 7.8 · AI score 7.4 · EPSS 0.00625
Exploits 4 · References 5
Positive Technologies
added 2023/03/02 12:0 a.m. · 3 views

PT-2023-8667 · Unknown · Hgiga Oaklouds

Name of the Vulnerable Software and Affected Versions: HGiga OAKlouds (affected versions not specified). Description: The HGiga OAKlouds file uploading function does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this issue to upload and run...

CVSS 10 · AI score 9.7 · EPSS 0.00719
Exploits 0 · References 4
Hive Pro Threat Advisories
added 2023/02/02 11:14 a.m. · 35 views

The Menace of TrickGate Packer-as-a-Service Spreading Malware Globally

Summary: TrickGate has bundled several of the most well-known top-distribution malware families, including Trickbot, Maze, Emotet, REvil, CoinMiner, Cobalt Strike, Formbook, Remcos, AgentTesla, and many others...

AI score 2.7
Exploits 0
RedhatCVE
added 2023/01/31 5:35 a.m. · 87 views

CVE-2022-48285

A flaw was found in the JSZip package. Affected versions of JSZip could allow a remote attacker to traverse directories on the system caused by the failure to sanitize filenames when files are loaded with loadAsync, which makes the library vulnerable to a Zip Slip attack. By extracting files from...

CVSS 7.3 · AI score 4.7 · EPSS 0.01266
Exploits 0 · References 7
CNVD
added 2022/11/11 12:0 a.m. · 19 views

Foxit Reader Code Issue Vulnerability (CNVD-2023-07829)

Foxit Reader is a PDF document reader from Foxit China. Foxit Reader is vulnerable to a code issue that could be exploited by attackers to execute malicious DLL files...

CVSS 7.8 · AI score 4.8 · EPSS 0.00049
Exploits 0 · References 1
Positive Technologies
added 2022/11/01 12:0 a.m. · 1 views

PT-2022-5289 · Kaspersky · Kavremover +1

Name of the Vulnerable Software and Affected Versions: Kaspersky Endpoint Security (affected versions not specified); Kavremover (affected versions not specified). Description: The issue is related to an uncontrolled search path element in the installation file of Kaspersky Endpoint Security and the...

CVSS 1.7 · AI score 7
Exploits 0 · References 2
Positive Technologies
added 2022/09/23 12:0 a.m. · 1 views

PT-2022-19291 · F Secure +1 · F-Secure +1

Name of the Vulnerable Software and Affected Versions: F-Secure and WithSecure products (affected versions not specified). Description: A Denial-of-Service issue was discovered in F-Secure and WithSecure products. The aerdl.so or aerdl.dll component may enter an infinite loop when unpacking PE files...

CVSS 5.5 · AI score 5.3 · EPSS 0.00162
Exploits 0 · References 4
ATTACKERKB
added 2022/07/18 6:15 p.m. · 1 views

CVE-2022-26118

A privilege chaining vulnerability (CWE-268) in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable...

CVSS 6.7 · AI score 5.9 · EPSS 0.00092
Exploits 0 · References 2
OSV
added 2022/07/17 10:15 p.m. · 24 views

CVE-2022-26352

An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous...

CVSS 9.8 · AI score 7.8 · EPSS 0.94309
Exploits 4 · References 3
Prion
added 2022/07/17 10:15 p.m. · 19 views

Directory traversal

An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous...

CVSS 6.8 · AI score 9.8 · EPSS 0.94309
Exploits 4 · References 2 · Affected Software 1
CNVD
added 2022/07/15 12:0 a.m. · 37 views

SAP BusinessObjects BW Publisher Service Elevation of Privilege Vulnerability

SAP BusinessObjects BW Publisher Service is a model-driven data warehouse product from SAP Germany. An elevation of privilege vulnerability exists in versions 420 and 430 of the SAP BusinessObjects BW Publisher Service, which stems from the use of search paths that contain un-referenced elements,...

CVSS 7.8 · AI score 7.9 · EPSS 0.00052
Exploits 0 · References 1
Fortinet
added 2022/07/05 12:0 a.m. · 41 views

FortiManager & FortiAnalyzer - Privilege escalation vulnerability

A privilege chaining vulnerability (CWE-268) in FortiManager and FortiAnalyzer may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system...

CVSS 4 · AI score 6.4 · EPSS 0.00092
Exploits 0 · Affected Software 2
The Hacker News
added 2022/05/30 12:39 p.m. · 47 views

Is 3rd Party App Access the New Executable File?

It's no secret that 3rd party apps can boost productivity, enable remote and hybrid work and are overall, essential in building and scaling a company's work processes. An innocuous process much like clicking on an attachment was in the earlier days of email, people don't think twice when connecti...

AI score 7.9
Exploits 0
RedhatCVE
added 2022/05/20 10:25 p.m. · 42 views

CVE-2022-23853

The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the directory of the file th...

CVSS 7.8 · AI score 4.3 · EPSS 0.00161
Exploits 0 · References 1
NVD
added 2022/04/27 4:15 p.m. · 11 views

CVE-2022-22521

In Miele Benchmark Programming Tool versions prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with user privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin...

CVSS 7.3 · EPSS 0.00123
Exploits 2 · References 4
Prion
added 2022/04/27 4:15 p.m. · 9 views

Code injection

In Miele Benchmark Programming Tool versions prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with user privileges. An attacker with low privileges may trick a user with administrative privileges to execute these binaries as admin...

CVSS 6.9 · AI score 7.2 · EPSS 0.00123
Exploits 2 · References 4 · Affected Software 1
CNVD
added 2022/04/27 12:0 a.m. · 17 views

IBM Planning Analytics Arbitrary File Upload Vulnerability

IBM Planning Analytics is a business planning and analysis solution from IBM Corporation in the United States. IBM Planning Analytics has an arbitrary file upload vulnerability that can be exploited to upload arbitrary executable files, leading to code execution...

CVSS 7.8 · AI score 3.2 · EPSS 0.00247
Exploits 0 · References 1
Positive Technologies
added 2022/04/27 12:0 a.m. · 1 views

PT-2022-15491 · Miele · Miele Benchmark Programming Tool

Name of the Vulnerable Software and Affected Versions: Miele Benchmark Programming Tool versions prior to 1.2.71. Description: The issue allows executable files manipulated by attackers to be unknowingly executed with user privileges. An attacker with low privileges may trick a user with...

CVSS 7.3 · AI score 7.3 · EPSS 0.00123
Exploits 2 · References 7