Lucene search
K

59 matches found

Snyk
Snyk
added 2023/10/11 9:0 p.m.4 views

Malicious Package

Overview Kraken.Exchange is a malicious package. This package contains malicious code that executes covert scripts upon installation or uninstallation, communicating with a remote server to download and execute additional malicious files, thereby deploying the SeroXen RAT on the victim's machine,...

9.8CVSS7.4AI score
Exploits0References2
Snyk
Snyk
added 2023/10/11 9:0 p.m.3 views

Malicious Package

Overview Pathoschild.Stardew.Mod.Build.Config is a malicious package. This package contains malicious code that executes covert scripts upon installation or uninstallation, communicating with a remote server to download and execute additional malicious files, thereby deploying the SeroXen RAT on...

9.8CVSS7.4AI score
Exploits0References2
NVD
NVD
added 2023/09/12 10:15 p.m.23 views

CVE-2022-47637

The installer in XAMPP through 8.1.12 allows local users to write to the C:\xampp directory. Common use cases execute files under C:\xampp with administrative privileges...

6.7CVSS6.5AI score0.00239EPSS
Exploits1References1
OSV
OSV
added 2023/08/09 12:15 p.m.6 views

CVE-2023-31449

A path traversal vulnerability was identified in the WMI Custom sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the WMI Custom sensor into behaving differently for existing files and non-existing files. This made it possible to...

4.7CVSS5.9AI score0.00429EPSS
Exploits0References2
Prion
Prion
added 2023/08/09 12:15 p.m.25 views

Path traversal

A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths,...

5.8CVSS5AI score0.00429EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/08/09 12:0 a.m.28 views

CVE-2023-31450

A path traversal vulnerability was identified in the SQL v2 sensors in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the SQL v2 sensors into behaving differently for existing files and non-existing files. This made it possible to traverse...

5.6AI score0.00429EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/07/17 12:0 a.m.24 views

CVE-2023-38404

The XPRTLD web application in Veritas InfoScale Operations Manager VIOM before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server...

7.2CVSS9.1AI score0.00813EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2023/02/21 7:50 p.m.74 views

K16993: PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026

Security Advisory Description CVE-2015-4025 PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with...

7.5CVSS8.3AI score0.20233EPSS
Exploits1Affected Software18
SUSE CVE
SUSE CVE
added 2023/02/15 6:9 a.m.7 views

SUSE CVE-2008-0657

Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted 1 application or 2 applet, as demonstrated by an application or applet that grants...

10CVSS7.3AI score0.02839EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/08/21 12:0 a.m.5 views

XAMPP 安全漏洞

XAMPP is an easy-to-install Apache distribution with MariaDB, PHP, and Perl.The product is primarily used for building web servers. A security vulnerability exists in XAMPP version 8.1.12 and earlier versions. An attacker can exploit the vulnerability to execute files in the xampp directory...

6.7CVSS6.7AI score0.00239EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/06/10 12:0 a.m.7 views

PT-2022-5190 · Realvnc · Realvnc Vnc Server

Name of the Vulnerable Software and Affected Versions: RealVNC VNC Server versions 5.1.0 through 6.9.0 for Windows Description: The issue is related to the execution of files in the %TEMP% directory as SYSTEM, allowing an attacker to escalate privileges. This occurs because an installer repair...

10CVSS7.4AI score0.04052EPSS
Exploits1References9
CNNVD
CNNVD
added 2021/11/10 12:0 a.m.5 views

Corel Parallels Desktop 安全漏洞

Corel Parallels Desktop is a suite of virtual machine software for the macOS platform from Corel Canada. A security vulnerability exists in Corel Parallels Desktop version 16.5.0, which originates from the creation of symbolic links that can be abused by an attacker to execute files through the...

7.8CVSS7.5AI score0.00244EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2021/10/19 2:15 p.m.3 views

CVE-2021-30829

A URI parsing issue was addressed with improved parsing. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to execute arbitrary files...

7.8CVSS5.7AI score0.00273EPSS
Exploits0References3
CNVD
CNVD
added 2021/01/22 12:0 a.m.3 views

OpenMage Magento Lts Injection Vulnerability

OpenMage Magento Lts is an e-commerce system organized by OpenMage. A security vulnerability exists in OpenMage Magento Lts before versions 19.4.10 and 20.0.5, which originates from the fact that an administrator with privileges to import and export data and edit cms pages can inject executable...

8.7CVSS6.9AI score0.01782EPSS
Exploits0References1
Prion
Prion
added 2020/11/17 4:15 p.m.37 views

Design/Logic Flaw

A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the documen...

9.3CVSS7.3AI score0.02687EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/09/03 5:38 p.m.9 views

GHSA-VXFP-QMPQ-6826 Malicious Package in hpmm

All versions of hpmm contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer...

9.8CVSS6.9AI score
Exploits0References1
OSV
OSV
added 2020/09/03 5:36 p.m.11 views

GHSA-86GV-XPWV-JPRC Malicious Package in diamond-clien

All versions of diamond-clien contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...

9.8CVSS6.9AI score
Exploits0References1
NVD
NVD
added 2020/02/11 10:15 p.m.20 views

CVE-2020-0753

An elevation of privilege vulnerability exists in Windows Error Reporting WER when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0754...

7.8CVSS8.2AI score0.02313EPSS
Exploits0References1
CNVD
CNVD
added 2020/01/03 12:0 a.m.4 views

Cisco Data Center Network Manager REST API Path Traversal Vulnerability

Cisco Data Center Network Manager DCNM is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A REST API path traversal vulnerability exists in Cisco Data Center Network Manage...

9CVSS7.3AI score0.4996EPSS
Exploits4References1
OSV
OSV
added 2019/08/15 7:15 p.m.2 views

CVE-2019-12809

Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contains a vulnerability that could allow remote attackers to download and execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for code execution...

8.8CVSS7.6AI score
Exploits0References1
Rows per page
Query Builder