Lucene search
+L

59 matches found

Veracode
Veracode
added 2022/12/20 8:46 a.m.18 views

Privilege Escalation

silverstripe/subsites is vulnerable to privilege escalation. The vulnerability exists in FileSubsites.php due to the lack of validation in file edit privileges, which allows an attacker to modify sensitive files inside the system...

7.5CVSS7.2AI score0.00524EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2022/10/11 5:15 p.m.21 views

CVE-2022-34430

Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification...

7.5CVSS0.00472EPSS
Exploits0References1
Prion
Prion
added 2022/10/11 5:15 p.m.18 views

Design/Logic Flaw

Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification...

5CVSS7.4AI score0.00472EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/10/11 4:40 p.m.28 views

CVE-2022-34430

Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification...

7.1CVSS7.6AI score0.00472EPSS
Exploits0References1
NVD
NVD
added 2022/09/30 8:15 p.m.18 views

CVE-2022-34429

Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification...

7.1CVSS0.00208EPSS
Exploits0References1
Prion
Prion
added 2022/09/30 8:15 p.m.15 views

Code injection

Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification...

3.2CVSS6.8AI score0.00208EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/09/30 7:25 p.m.24 views

CVE-2022-34429

Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification...

6.5CVSS7AI score0.00208EPSS
Exploits0References1
CVE
CVE
added 2022/09/30 7:25 p.m.52 views

CVE-2022-34429

Dell Hybrid Client (Windows) versions prior to 1.8 are affected by a Zip Slip vulnerability in the UI module. A guest-privileged attacker could potentially exploit this to modify system files. The issue stems from improper handling of archive extraction paths in the UI. Remediation per PT-2022-22...

7.1CVSS6.8AI score0.00208EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/30 12:0 a.m.6 views

PT-2022-22163 · Dell · Dell Hybrid Client

Name of the Vulnerable Software and Affected Versions: Dell Hybrid Client versions prior to 1.8 Description: The issue allows a guest privilege attacker to potentially exploit a Zip Slip Vulnerability in the UI, leading to system files modification. Recommendations: For versions prior to 1.8,...

7.1CVSS6.8AI score0.00208EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/09/14 12:0 a.m.5 views

CVE-2022-34429

Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification...

7.1CVSS5.9AI score0.00208EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/09/08 11:0 a.m.8 views

CVE-2022-27593 DeadBolt Ransomware

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later...

10CVSS9.2AI score0.87908EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/09/08 11:0 a.m.29 views

CVE-2022-27593 DeadBolt Ransomware

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later...

10CVSS9.5AI score0.87908EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/09/08 12:0 a.m.64 views

CVE-2022-27593

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later...

10CVSS9.8AI score0.87908EPSS
In wildExploits0References2
Mageia
Mageia
added 2022/01/05 10:45 p.m.162 views

Updated singularity packages fix security vulnerability

A dependency used to extract docker/OCI image layers can be tricked into modifying host files by creating a malicious layer that has a symlink with the name "." or "/", when running as root. CVE-2021-29136 Dde to incorrect use of a default URL, singularity action commands run/shell/exec specifyin...

6.8CVSS1.6AI score0.02085EPSS
Exploits0References6
NVD
NVD
added 2020/12/14 8:15 p.m.25 views

CVE-2020-8258

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files...

7.5CVSS7.6AI score0.01265EPSS
Exploits0References1
0day.today
0day.today
added 2019/04/16 12:0 a.m.56 views

Zoho ManageEngine ADManager Plus 6.6 (Build < 6659) - Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits Exploit Title: Zoho ManageEngine ADManager Plus 6.6 Build 6659 Privilege Escalation Exploit Author: Digital Interruption Vendor Homepage: https://www.manageengine.co.uk/ Version: 6.6 Build 6658 Tested on: Windows Server 2012 R2 CVE :...

0.1AI score0.0108EPSS
Exploits5
NVD
NVD
added 2018/10/05 2:29 p.m.21 views

CVE-2018-15386

A vulnerability in Cisco Digital Network Architecture DNA Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An...

9.8CVSS9.7AI score0.03441EPSS
Exploits0References2
NVD
NVD
added 2017/04/24 3:59 p.m.16 views

CVE-2017-2331

A firewall bypass vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to bypass firewall policies, leading to authentication bypass methods, information disclosure, modification of system files, and...

7.5CVSS7.2AI score0.01065EPSS
Exploits0References2
CVE
CVE
added 2017/04/24 3:0 p.m.48 views

CVE-2017-2331

CVE-2017-2331 affects Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1. The connected documents describe a firewall bypass vulnerability that could allow a network-based attacker to bypass firewall policies, leading to authentication bypass, information disc...

7.5CVSS7.2AI score0.01065EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/01/23 9:59 p.m.16 views

CVE-2016-5237

Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file...

4.8CVSS5.1AI score0.00784EPSS
Exploits5References2
Rows per page
Query Builder