
620 matches found

NVD
added 2024/08/07 2:15 p.m. · 20 views

CVE-2024-43199

Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user...

8.8 CVSS · 0.01097 EPSS
Exploits 0 · References 4
CVE
added 2024/08/07 12:00 a.m. · 40 views

CVE-2024-43199

Nagios NDOUtils prior to 2.1.4 is affected by CVE-2024-43199 due to executable files owned by the nagios user, enabling local privilege escalation from nagios to root. Affected software: Nagios NDOUtils (versions before 2.1.4). Root cause: ownership of certain executables by the nagios user allow...

8.8 CVSS · 6.9 AI score · 0.01097 EPSS
Exploits 0 · References 4 · Affected Software 1
Vulnrichment
added 2024/08/07 12:00 a.m. · 14 views

CVE-2024-43199

Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user...

7.2 AI score · 0.01097 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/07/17 12:00 a.m. · 2 views

PT-2024-24055 · Apache · Apache Streampipes

Name of the Vulnerable Software and Affected Versions: Apache StreamPipes versions through 0.93.0 Description: The issue is related to an Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. This vulnerability may allow the upload of executable files, potentially...

8.8 CVSS · 8 AI score · 0.01106 EPSS
Exploits 0 · References 11
CNNVD
added 2024/07/02 12:00 a.m. · 2 views

Kiloview P1 and P2 Security Vulnerabilities

Kiloview P1 4G Video Encoder and Kiloview P2 4G Video Encoder are both a professional video encoder device from Kiloview China. A security vulnerability exists in the Kiloview P1 and P2. An attacker could exploit this vulnerability to download source code or executable files from a remote locatio...

9.8 CVSS · 7.2 AI score · 0.00253 EPSS
Exploits 0 · References 2
BDU FSTEC
added 2024/06/10 12:00 a.m. · 4 views

The vulnerability of the LaborOfficeFree software for managing shift scheduling and working hours, which stems from the use of pre-installed database records, allows a perpetrator to gain unauthorized access to the application’s backup database.

The vulnerability of the executable files LOFservice.exe and LaborOfficeFree.exe of the LaborOfficeFree software for workforce management and time tracking involves the use of pre-installed database credentials. Exploiting this vulnerability could allow an attacker to gain unauthorized access to...

6.8 CVSS · 6.7 AI score · 0.00305 EPSS
Exploits 0 · References 2 · Affected Software 1
Veracode
added 2024/05/24 5:38 a.m. · 6 views

Access Bypass

ezsystems/ezplatform is vulnerable to Access Bypass. The vulnerability is due to inadequate rewrite rules for blocking access to executable files in the var directory when using eZ Platform Cloud on Platform.sh...

7 AI score
Exploits 0
The Hacker News
added 2024/05/20 5:47 a.m. · 15 views

Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns

Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware. "These campaigns typically involve a recognizable infection chain involving oversized...

8.2 AI score
Exploits 0
NVD
added 2024/05/15 6:15 p.m. · 22 views

CVE-2024-20366

A vulnerability in the Tail-f High Availability Cluster Communications HCC function pack of Cisco Crosswork Network Services Orchestrator NSO could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled searc...

7.8 CVSS · 7.8 AI score · 0.00198 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/05/15 5:25 p.m. · 12 views

CVE-2024-20366

A vulnerability in the Tail-f High Availability Cluster Communications HCC function pack of Cisco Crosswork Network Services Orchestrator NSO could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled searc...

7.8 CVSS · 7.6 AI score · 0.00198 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/05/15 12:00 a.m. · 3 views

PT-2024-40140 · Ez Systems · Ez Platform

Name of the Vulnerable Software and Affected Versions: ezplatform versions prior to 1.7.9.1 ezplatform versions prior to 1.13.5.1 ezplatform versions prior to 2.5.4.1 Description: The issue affects eZ Platform setups on the Platform.sh cloud service, where a rewrite rule intended to block access ...

7.1 AI score
Exploits 0 · References 5
Japan Vulnerability Notes
added 2024/03/25 12:00 a.m. · 18 views

JVN#13113728: "EasyRange" may insecurely load executable files

"EasyRange" provided by sira.jp according to the original report submitted by the reporter is a tool to extract compressed files. "EasyRange" contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides ...

7.8 CVSS · 7.7 AI score · 0.00188 EPSS
Exploits 0
Positive Technologies
added 2024/02/19 12:00 a.m. · 3 views

PT-2024-4032 · Unknown · Laborofficefree

Name of the Vulnerable Software and Affected Versions: LaborOfficeFree version 19.10 Description: The issue affects the executable files LOF service.exe and LaborOfficeFree.exe, allowing an attacker to read and extract the username and password from the database. This can lead to unauthorized...

9.8 CVSS · 6.6 AI score · 0.00305 EPSS
Exploits 0 · References 5
Cvelist
added 2024/01/10 8:49 p.m. · 25 views

CVE-2022-45793 Executable files writable by low-privileged users in Omron Sysmac Studio

Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user...

5.5 CVSS · 8 AI score · 0.00249 EPSS
Exploits 0 · References 3
Prion
added 2024/01/08 8:15 p.m. · 12 views

Remote code execution

Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because uploadaction and editaction in AdminSmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7,...

6 CVSS · 7.3 AI score · 0.01286 EPSS
Exploits 1 · References 3 · Affected Software 1
NVD
added 2023/12/15 4:15 a.m. · 9 views

CVE-2023-48371

ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service...

9.8 CVSS · 0.00961 EPSS
Exploits 0 · References 1
Prion
added 2023/12/15 4:15 a.m. · 12 views

Design/Logic Flaw

ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service...

7.5 CVSS · 7.8 AI score · 0.00961 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/12/15 4:11 a.m. · 14 views

CVE-2023-48371 ITPison OMICARD EDM's SMS - Arbitrary File Upload

ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service...

9.8 CVSS · 9.9 AI score · 0.00961 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2023/11/14 12:00 a.m. · 4 views

The vulnerability in the `loaddebugsection` function of the `readelf.c` component of the GNU Binutils development environment allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the loaddebugsection function in the readelf.c component of the GNU Binutils development environment is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its...

10 CVSS · 7.3 AI score · 0.01688 EPSS
Exploits 1 · References 6 · Affected Software 2
Mozilla
added 2023/10/24 12:00 a.m. · 80 views

Security Vulnerabilities fixed in Firefox 119 — Mozilla

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header...

7.5 CVSS · 7.9 AI score · 0.01585 EPSS
Exploits 0 · References 11 · Affected Software 1