CVE-2020-1531

An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The...

Microsoft Visual Studio Code Code Execution Vulnerability

Microsoft Visual Studio Code is an open source code editor from Microsoft USA. A remote code execution vulnerability exists in Microsoft Visual Studio Code. An attacker can exploit this vulnerability by tricking a user into copying a repository and opening it in Visual Studio Code to run arbitrar...

BarcodeOCR 19.3.6 - (BarcodeOCR) Unquoted Service Path Vulnerability

Exploit Title: BarcodeOCR 19.3.6 - 'BarcodeOCR' Unquoted Service Path Exploit Author: Daniel Bertoni Vendor Homepage: https://www.barcode-ocr.com/ Version: 19.3.6 Tested on: Windows Server 2016, Windows 10 Find the Unquoted Service Path Vulnerability: C:\wmic service get...

Delta Electronics TPEditor Buffer Overflow Vulnerability (CNVD-2020-47576)

Delta Electronics TPEditor is a Windows-based Delta text panel programming software from Delta Electronics, Taiwan, China. A security vulnerability exists in Delta Electronics TPEditor version 1.97 and earlier. The vulnerability can be exploited by an attacker with a specially crafted project fil...

Delta Electronics TPEditor Input Validation Error Vulnerability

Delta Electronics TPEditor is a Windows-based Delta text panel programming software from Delta Electronics, Taiwan, China. An input validation error vulnerability exists in Delta Electronics TPEditor version 1.97 and earlier. The vulnerability can be exploited by an attacker with a specially...

PT-2020-14824 · Delta Electronics · Tpeditor

Name of the Vulnerable Software and Affected Versions: Delta Electronics TPEditor versions 1.97 and prior Description: A write-what-where condition may be exploited by processing a specially crafted project file, potentially allowing an attacker to read or modify information, execute arbitrary...

USN-4451-1 ppp vulnerability

Thomas Chauchefoin working with Trend Micro´s Zero Day Initiative, discovered that ppp incorrectly handled module loading. A local attacker could use this issue to load arbitrary kernel modules and possibly execute arbitrary code...

CVE-2020-15623

This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmodsecurity.php. When parsing the archivo parameter, the process...

CVE-2020-15612

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxftpmanager.php. When parsing the userLogin parameter, the process...

CVE-2020-15427

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxdiskusage.php. When parsing the folderName parameter, the process...

Apache Ant: Multiple vulnerabilities

Background Ant is a Java-based build tool similar to ‘make’ that uses XML configuration files. Description Apache Ant was found to be using multiple insecure temporary files which may disclose sensitive information or execute code from an unsafe local location. Impact A local attacker could...

CVE-2020-8317

A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges...

Microsoft Windows Geolocation Framework Elevation of Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. A security vulnerability exists in the way memory objects are handled in the Microsoft...

Microsoft Windows Credential Picker Elevation of Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. A security vulnerability exists in the way memory objects are handled in the Microsoft...

Design/Logic Flaw

A vulnerability has been identified in Opcenter Execution Discrete All versions V3.2, Opcenter Execution Foundation All versions V3.2, Opcenter Execution Process All versions V3.2, Opcenter Intelligence All versions V3.3, Opcenter Quality All versions V11.3, Opcenter RD&L V8.0, SIMATIC Notifier...

Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

Vulnerability of the Flash Player software platform, related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to bypass security restrictions and execute arbitrary code.

The vulnerability of the Adobe Flash Player software relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to bypass security restrictions and execute arbitrary code with system privileges...

CVE-2020-15397

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...

CVE-2020-15397

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...

The vulnerability of the Windows operating system, related to errors in memory object handling, allows a perpetrator to escalate their privileges and execute arbitrary code.

The vulnerability of the Windows operating system is related to errors in memory object handling. Exploiting this vulnerability allows a remote attacker to increase their privileges and execute arbitrary code using a specially created application...