
6843 matches found

NVD
added 2021/02/17 7:15 p.m., 10 views

CVE-2020-13551

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege...

8.8 CVSS, 0.00055 EPSS
Exploits: 1, References: 1
OSV
added 2021/02/17 7:15 p.m., 3 views

CVE-2020-13551

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege...

8.8 CVSS, 5.9 AI score, 0.00055 EPSS
Exploits: 1, References: 1
Prion
added 2021/02/17 7:15 p.m., 16 views

Privilege escalation

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege...

7.2 CVSS, 8.8 AI score, 0.00055 EPSS
Exploits: 1, References: 1, Affected Software: 1
CNNVD
added 2021/02/17 12:0 a.m., 6 views

IBM Maximo for Civil Infrastructure security vulnerability

IBM Maximo Anywhere is a suite of next-generation mobile solutions from IBM USA built on the IBM Worklight platform. The solution supports remote access to IBM Maximo Asset Management a comprehensive asset lifecycle and maintenance management solution workflow and asset management via mobile...

8.8 CVSS, 6.8 AI score, 0.00233 EPSS
Exploits: 0, References: 4
Talos
added 2021/02/16 12:0 a.m., 62 views

Advantech WebAccess/SCADA installation privilege escalation vulnerability

Summary Multiple exploitable local privilege elevation vulnerabilities exist in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. Depending on the vector chosen, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. Tested...

8.8 CVSS, 9 AI score, 0.00055 EPSS
Exploits: 3
Packet Storm
added 2021/02/10 12:0 a.m., 370 views

Backdoor.Win32.Aphexdoor.LiteSock Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/a8bb1744bedf43849ed808b7dfa32da4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Aphexdoor.LiteSock Vulnerability: Remote Stack Buffer Overflow Description:...

0.9 AI score
Exploits: 0
NVD
added 2021/02/09 10:15 p.m., 9 views

CVE-2020-35125

A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mauticreturn (a different attack method than CVE-2020-35124, but also related to the Referer concept)...

9.6 CVSS, 0.01246 EPSS
Exploits: 1, References: 4
OSV
added 2021/02/09 10:15 p.m., 12 views

CVE-2020-35125

A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mauticreturn (a different attack method than CVE-2020-35124, but also related to the Referer concept)...

9.6 CVSS, 5.6 AI score
Exploits: 0, References: 4
Prion
added 2021/02/09 10:15 p.m., 22 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mauticreturn (a different attack method than CVE-2020-35124, but also related to the Referer concept)...

6.8 CVSS, 8 AI score, 0.01246 EPSS
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2021/02/09 9:39 p.m., 19 views

CVE-2020-35125

A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mauticreturn (a different attack method than CVE-2020-35124, but also related to the Referer concept)...

8.2 AI score, 0.01246 EPSS
Exploits: 1, References: 4
Fedora
added 2021/02/06 1:30 a.m., 89 views

[SECURITY] Fedora 32 Update: python3-3.8.7-2.fc32

Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the...

9.8 CVSS, 2.1 AI score, 0.00072 EPSS
Exploits: 1
Zero Day Initiative
added 2021/01/29 12:0 a.m., 23 views

Trend Micro Antivirus for Mac Memory Exhaustion Denial-Of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Antivirus for Mac. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

3.3 CVSS, 2.3 AI score, 0.00091 EPSS
Exploits: 0, References: 1
OSV
added 2021/01/28 6:15 a.m., 9 views

CVE-2020-35124

A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads...

9.6 CVSS, 5.6 AI score
Exploits: 0, References: 4
Cvelist
added 2021/01/28 5:37 a.m., 12 views

CVE-2020-35124

A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads...

8.2 AI score, 0.01142 EPSS
Exploits: 0, References: 4
Packet Storm
added 2021/01/25 12:0 a.m., 280 views

Backdoor.Win32.Noknok.60 Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ecaf6a123fdf1f5660692dfc4c67a933.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Noknok.60 Vulnerability: Insecure Permissions Description: When generating an...

7.4 AI score
Exploits: 0
Packet Storm
added 2021/01/22 12:0 a.m., 226 views

Selea CarPlateServer 4.0.1.6 Remote Program Execution

Selea CarPlateServer CPS v4.0.1.6 Remote Program Execution Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: 4.0.1.6210120 4.013201105 3.100200225 3.005191206 3.005191112 Summary: Our CPS Car Plate Server software is an advanced solution that can be installed on...

1 AI score
Exploits: 0
Hacker One
added 2021/01/21 8:1 p.m., 8 views

Acronis: Acronis True Image 2020 Build 22510 Nonstop Backup Service Unquoted service path (privilege escalation)

Vulnerability description not provided...

7.1 AI score
Exploits: 0
Prion
added 2021/01/21 2:15 p.m., 9 views

Remote code execution

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an...

6.5 CVSS, 7.2 AI score, 0.01874 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2021/01/21 1:40 p.m., 10 views

CVE-2020-26295 CMS Editor code execution

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 an...

8.7 CVSS, 8.6 AI score, 0.00751 EPSS
Exploits: 0, References: 3
Cvelist
added 2021/01/21 1:30 p.m., 13 views

CVE-2020-26285 Widget instances allows a hacker to inject an executable file on the server on OpenMage

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an...

8.7 CVSS, 8.9 AI score, 0.01874 EPSS
Exploits: 0, References: 3