1916 matches found

CVE
added 2020/08/21 8:30 p.m. · 67 views

CVE-2020-10125

CVE-2020-10125 affects NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00. The issue is that these versions implement 512-bit RSA certificates to validate BNA software updates. An attacker with physical access can exploit the weak key strength to sign arbitrary files and CAB archives used...

CVSS 7.6 · AI score 7.6 · EPSS 0.00024
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2020/08/20 1:17 a.m. · 11 views

CVE-2020-15630

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

CVSS 7.8 · AI score 4.4 · EPSS 0.05236
Exploits: 0 · References: 2

Zero Day Initiative
added 2020/08/18 12:0 a.m. · 25 views

Parallels Desktop prl_hypervisor Out-Of-Bounds Read Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor...

CVSS 8.8 · AI score 3.1 · EPSS 0.00099
Exploits: 0 · References: 1

OSV
added 2020/08/17 7:15 p.m. · 0 views

CVE-2020-1544

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The securi...

CVSS 7.8 · AI score 7.4 · EPSS 0.00268
Exploits: 0 · References: 1

OSV
added 2020/08/17 7:15 p.m. · 1 views

CVE-2020-1531

An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The...

CVSS 7.8 · AI score 7.2 · EPSS 0.11937
Exploits: 0 · References: 1

CNVD
added 2020/08/13 12:0 a.m. · 2 views

Microsoft Visual Studio Code Code Execution Vulnerability

Microsoft Visual Studio Code is an open source code editor from Microsoft USA. A remote code execution vulnerability exists in Microsoft Visual Studio Code. An attacker can exploit this vulnerability by tricking a user into copying a repository and opening it in Visual Studio Code to run arbitrar...

CVSS 9.3 · AI score 8.2 · EPSS 0.09238
Exploits: 0 · References: 1

0day.today
added 2020/08/10 12:0 a.m. · 183 views

BarcodeOCR 19.3.6 - (BarcodeOCR) Unquoted Service Path Vulnerability

Exploit Title: BarcodeOCR 19.3.6 - 'BarcodeOCR' Unquoted Service Path
Exploit Author: Daniel Bertoni
Vendor Homepage: https://www.barcode-ocr.com/
Version: 19.3.6
Tested on: Windows Server 2016, Windows 10
Find the Unquoted Service Path Vulnerability: C:\wmic service get...

AI score 0.2
Exploits: 0

CNVD
added 2020/08/07 12:0 a.m. · 1 views

Delta Electronics TPEditor Buffer Overflow Vulnerability (CNVD-2020-47576)

Delta Electronics TPEditor is a Windows-based Delta text panel programming software from Delta Electronics, Taiwan, China. A security vulnerability exists in Delta Electronics TPEditor version 1.97 and earlier. The vulnerability can be exploited by an attacker with a specially crafted project fil...

CVSS 7.8 · AI score 7.6 · EPSS 0.00205
Exploits: 0 · References: 1

CNVD
added 2020/08/07 12:0 a.m. · 1 views

Delta Electronics TPEditor Input Validation Error Vulnerability

Delta Electronics TPEditor is a Windows-based Delta text panel programming software from Delta Electronics, Taiwan, China. An input validation error vulnerability exists in Delta Electronics TPEditor version 1.97 and earlier. The vulnerability can be exploited by an attacker with a specially...

CVSS 7.8 · AI score 7.3 · EPSS 0.00376
Exploits: 0 · References: 1

Positive Technologies
added 2020/08/06 12:0 a.m. · 2 views

PT-2020-14824 · Delta Electronics · Tpeditor

Name of the Vulnerable Software and Affected Versions: Delta Electronics TPEditor versions 1.97 and prior Description: A write-what-where condition may be exploited by processing a specially crafted project file, potentially allowing an attacker to read or modify information, execute arbitrary...

CVSS 7.8 · AI score 7.6 · EPSS 0.00205
Exploits: 0 · References: 4

OSV
added 2020/08/04 5:21 p.m. · 1 views

USN-4451-1 ppp vulnerability

Thomas Chauchefoin, working with Trend Micro's Zero Day Initiative, discovered that ppp incorrectly handled module loading. A local attacker could use this issue to load arbitrary kernel modules and possibly execute arbitrary code...

CVSS 5.5 · AI score 6.2 · EPSS 0.00105
Exploits: 0 · References: 2

NVD
added 2020/07/28 5:15 p.m. · 9 views

CVE-2020-15623

This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmodsecurity.php. When parsing the archivo parameter, the process...

CVSS 10 · AI score 9.7 · EPSS 0.0208
Exploits: 0 · References: 1

Cvelist
added 2020/07/28 5:1 p.m. · 11 views

CVE-2020-15612

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxftpmanager.php. When parsing the userLogin parameter, the process...

CVSS 9.8 · AI score 9.6 · EPSS 0.01432
Exploits: 0 · References: 1

Cvelist
added 2020/07/28 5:1 p.m. · 14 views

CVE-2020-15427

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxdiskusage.php. When parsing the folderName parameter, the process...

CVSS 9.8 · AI score 9.6 · EPSS 0.01432
Exploits: 0 · References: 1

Gentoo Linux
added 2020/07/27 12:0 a.m. · 57 views

Apache Ant: Multiple vulnerabilities

Background: Ant is a Java-based build tool similar to ‘make’ that uses XML configuration files. Description: Apache Ant was found to be using multiple insecure temporary files which may disclose sensitive information or execute code from an unsafe local location. Impact: A local attacker could...

CVSS 6.3 · AI score 7.9 · EPSS 0.00037
Exploits: 0

Cvelist
added 2020/07/24 4:10 p.m. · 13 views

CVE-2020-8317

A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges...

CVSS 7.3 · AI score 7.7 · EPSS 0.00058
Exploits: 0 · References: 1

CNVD
added 2020/07/20 12:0 a.m. · 2 views

Microsoft Windows Geolocation Framework Elevation of Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. A security vulnerability exists in the way memory objects are handled in the Microsoft...

CVSS 7.8 · AI score 6.6 · EPSS 0.00378
Exploits: 0 · References: 1

CNVD
added 2020/07/20 12:0 a.m. · 3 views

Microsoft Windows Credential Picker Elevation of Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. A security vulnerability exists in the way memory objects are handled in the Microsoft...

CVSS 7.8 · AI score 6.7 · EPSS 0.00243
Exploits: 0 · References: 1

Prion
added 2020/07/14 2:15 p.m. · 14 views

Design/Logic Flaw

A vulnerability has been identified in Opcenter Execution Discrete All versions V3.2, Opcenter Execution Foundation All versions V3.2, Opcenter Execution Process All versions V3.2, Opcenter Intelligence All versions V3.3, Opcenter Quality All versions V11.3, Opcenter RD&L V8.0, SIMATIC Notifier...

CVSS 7.2 · AI score 7.1 · EPSS 0.00048
Exploits: 0 · References: 1 · Affected Software: 6

Zero Day Initiative
added 2020/07/07 12:0 a.m. · 16 views

Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

CVSS 7.8 · AI score 4.8 · EPSS 0.00042
Exploits: 0 · References: 1