CVE-2020-9047

A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could...

Unspecified Vulnerability in Mids Reborn Hero Designer

Mids Reborn Hero Designer is a suite of game character design software from Jason Thompson Software Developers. A security vulnerability exists in Mids Reborn Hero Designer version 2.6.0.7, which can be exploited by an attacker to execute an executable file in a user's context by performing a...

CVE-2020-11614

Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace...

CVE-2020-11614

Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace...

Input validation

Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace...

CVE-2020-13269

Removed by vendor...

CVE-2020-13866

WinGate v9.4.1.5998 is affected by an Insecure Permissions Elevation of Privilege vulnerability: the installation directory grants full control to authenticated users, enabling local attackers to replace an executable with a Trojan horse and escalate privileges (often to SYSTEM) after a restart. ...

SolarWinds Advanced Monitoring Agent Elevation of Privilege Vulnerability

SolarWinds Advanced Monitoring Agent is a set of monitoring agent software from SolarWinds Inc. in the United States. The software is mainly used for remote monitoring and management of servers and so on. A security vulnerability exists in SolarWinds Advanced Monitoring Agent versions prior to...

CVE-2020-13912

SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file...

Foxit PhantomPDF code issue vulnerability (CNVD-2020-32467)

Foxit PhantomPDF is China's Foxit Foxit company a PDF document reader. A security vulnerability exists in Foxit PhantomPDF versions prior to 8.3.6. The vulnerability can be exploited by an attacker to execute arbitrary applications with the help of an embedded executable file...

CVE-2018-21244

An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029...

Design/Logic Flaw

An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029...

CVE-2020-9292

An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path...

Path traversal

An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path...

CVE-2020-9292

An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path...

Secure Computing SnapGear Management Console SG560 3.1.5 Arbitrary File Read / Write

Secure Computing SnapGear Management Console SG560 v3.1.5 Arbitrary File Read/Write Vendor: Secure Computing Corp. Product web page: http://www.securecomputing.com Affected version: 3.1.5u1 Summary: The SG gateway appliance range provides Internet security and privacy of communications for small...

Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File Read

Title: Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File Read Author:LiquidWorm Date: 2020-06-04 Vendor: http://www.securecomputing.com CVE: N/A Secure Computing SnapGear Management Console SG560 v3.1.5 Arbitrary File Read/Write Vendor: Secure Computing Corp. Product web...

CVE-2020-12846

Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files exe,sh,bat,jar in the Contact section of the mailbox as an avatar image for ...

Remote code execution

Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files exe,sh,bat,jar in the Contact section of the mailbox as an avatar image for ...

TrickBot Adds BazarBackdoor to Malware Arsenal

A new module for the infamous trojan known as TrickBot has been deployed: A stealthy backdoor that researchers call “BazarBackdoor.” The binary was first spotted being delivered as part of a phishing campaign that began in March, according to an analysis from Panda Security this week. The campaig...