59 matches found
Privilege Escalation
silverstripe/subsites is vulnerable to privilege escalation. The vulnerability exists in FileSubsites.php due to the lack of validation in file edit privileges, which allows an attacker to modify sensitive files inside the system...
CVE-2022-34430
Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification...
Design/Logic Flaw
Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification...
CVE-2022-34430
Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification...
CVE-2022-34429
Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification...
Code injection
Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification...
CVE-2022-34429
Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification...
CVE-2022-34429
Dell Hybrid Client (Windows) versions prior to 1.8 are affected by a Zip Slip vulnerability in the UI module. A guest-privileged attacker could potentially exploit this to modify system files. The issue stems from improper handling of archive extraction paths in the UI. Remediation per PT-2022-22...
PT-2022-22163 · Dell · Dell Hybrid Client
Name of the Vulnerable Software and Affected Versions: Dell Hybrid Client versions prior to 1.8 Description: The issue allows a guest privilege attacker to potentially exploit a Zip Slip Vulnerability in the UI, leading to system files modification. Recommendations: For versions prior to 1.8,...
CVE-2022-34429
Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification...
CVE-2022-27593 DeadBolt Ransomware
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later...
CVE-2022-27593 DeadBolt Ransomware
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later...
CVE-2022-27593
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later...
Updated singularity packages fix security vulnerability
A dependency used to extract docker/OCI image layers can be tricked into modifying host files by creating a malicious layer that has a symlink with the name "." or "/", when running as root. CVE-2021-29136 Dde to incorrect use of a default URL, singularity action commands run/shell/exec specifyin...
CVE-2020-8258
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files...
Zoho ManageEngine ADManager Plus 6.6 (Build < 6659) - Privilege Escalation Vulnerability
Exploit for windows platform in category local exploits Exploit Title: Zoho ManageEngine ADManager Plus 6.6 Build 6659 Privilege Escalation Exploit Author: Digital Interruption Vendor Homepage: https://www.manageengine.co.uk/ Version: 6.6 Build 6658 Tested on: Windows Server 2012 R2 CVE :...
CVE-2018-15386
A vulnerability in Cisco Digital Network Architecture DNA Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An...
CVE-2017-2331
A firewall bypass vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to bypass firewall policies, leading to authentication bypass methods, information disclosure, modification of system files, and...
CVE-2017-2331
CVE-2017-2331 affects Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1. The connected documents describe a firewall bypass vulnerability that could allow a network-based attacker to bypass firewall policies, leading to authentication bypass, information disc...
CVE-2016-5237
Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file...