
5046 matches found

OSV
added 2023/12/01 2:15 a.m. · 2 views

CVE-2023-43089

Dell Rugged Control Center, versions prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to resources...

3.3 CVSS · 5.8 AI score · 0.00182 EPSS
Exploits 0 · References 1
NVD
added 2023/12/01 2:15 a.m. · 19 views

CVE-2023-43089

Dell Rugged Control Center, versions prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to resources...

4.4 CVSS · 0.00182 EPSS
Exploits 0 · References 1
Cvelist
added 2023/12/01 2:6 a.m. · 17 views

CVE-2023-43089

Dell Rugged Control Center, versions prior to 4.7, contains insufficient protection for the Policy folder. A local malicious standard user could potentially exploit this vulnerability to modify the content of the policy file, leading to unauthorized access to resources...

4.4 CVSS · 5.7 AI score · 0.00182 EPSS
Exploits 0 · References 1
CVE
added 2023/12/01 2:6 a.m. · 26 views

CVE-2023-43089

Dell Rugged Control Center prior to 4.7 is affected by insufficient protection of the Policy folder, allowing a local standard user to modify the policy file and potentially access resources. Affected product: Dell Rugged Control Center (Windows). Root cause: inadequate protection of the Policy f...

4.4 CVSS · 4 AI score · 0.00182 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2023/12/01 12:0 a.m. · 3 views

Dell Rugged Control Center Security Vulnerability

Dell Rugged Control Center is an application from Dell USA. It allows a range of settings to be configured on a ruggedized device, such as application settings, keyboard backlighting settings, night mode settings, stealth mode settings, window settings, antenna switch settings, and GPS settings. ...

4.4 CVSS · 6.6 AI score · 0.00182 EPSS
Exploits 0 · References 1
CNNVD
added 2023/11/27 12:0 a.m. · 3 views

Plesk Installer Code Issue Vulnerability

Plesk Installer is an installer program from the Swiss company Plesk. A code issue vulnerability exists in Plesk Installer version 3.27.0.0, which originates from a code issue that allows a local attacker to execute arbitrary code by injecting a DLL file into the same folder where the application...

7.8 CVSS · 7.4 AI score · 0.00249 EPSS
Exploits 0 · References 1
WPVulnDB
added 2023/11/24 12:0 a.m. · 23 views

BackWPup < 4.0.2 - Authenticated (Administrator+) Directory Traversal

Description: The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally,...

8.7 CVSS · 6.8 AI score · 0.00926 EPSS
Exploits 1 · References 1 · Affected Software 1
OSV
added 2023/11/23 7:15 a.m. · 2 views

CVE-2023-43086

Dell Command | Configure, versions prior to 4.11.0, contains an improper access control vulnerability. A local malicious user could potentially modify files inside the installation folder during application upgrade, leading to privilege escalation...

7.8 CVSS · 5.8 AI score
Exploits 0 · References 1
CNNVD
added 2023/11/23 12:0 a.m. · 2 views

Dell Command | Configure Security Vulnerability

Dell Command | Configure is an application from Dell USA that provides configuration capabilities for business client platforms. The program contains both a command line interface and a graphical user interface for configuring various BIOS features. A security vulnerability exists in Dell Command...

7.8 CVSS · 6.9 AI score · 0.00219 EPSS
Exploits 0 · References 2
OSV
added 2023/11/22 5:15 p.m. · 2 views

CVE-2023-20084

A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could...

4.4 CVSS · 5.9 AI score
Exploits 0 · References 1
NVD
added 2023/11/22 5:15 p.m. · 15 views

CVE-2023-20084

A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could...

5 CVSS · 0.00172 EPSS
Exploits 0 · References 1
Prion
added 2023/11/22 5:15 p.m. · 16 views

Design/Logic Flaw

A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could...

1 CVSS · 7.1 AI score · 0.00172 EPSS
Exploits 0 · References 1 · Affected Software 2
Cvelist
added 2023/11/22 5:9 p.m. · 20 views

CVE-2023-20084

A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could...

5 CVSS · 5.4 AI score · 0.00172 EPSS
Exploits 0 · References 1
CVE
added 2023/11/22 5:9 p.m. · 62 views

CVE-2023-20084

CVE-2023-20084 affects Cisco Secure Endpoint for Windows. A timing issue between software components can let a local, authenticated attacker coerce a user to place a malicious file in a folder and run it within a narrow window, causing the endpoint to fail to quarantine the file or terminate the ...

5 CVSS · 4.8 AI score · 0.00172 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2023/11/21 10:19 p.m. · 14 views

GHSA-H73M-PCFW-25H2 Download to arbitrary folder can lead to RCE

Summary: A web UI user can store files anywhere on the pyLoad server and gain command execution by abusing scripts. Details: When a user creates a new package, a subdirectory is created within the /downloads folder to store files. This new directory name is derived from the package name, except a...

7.6 CVSS · 9.1 AI score · 0.01088 EPSS
Exploits 1 · References 5
Github Security Blog
added 2023/11/21 10:19 p.m. · 27 views

Download to arbitrary folder can lead to RCE

Summary: A web UI user can store files anywhere on the pyLoad server and gain command execution by abusing scripts. Details: When a user creates a new package, a subdirectory is created within the /downloads folder to store files. This new directory name is derived from the package name, except a...

8.8 CVSS · 8 AI score · 0.01088 EPSS
Exploits 1 · References 5 · Affected Software 1
Positive Technologies
added 2023/11/21 12:0 a.m. · 3 views

PT-2023-9699 · Nextcloud +1 · Nextcloud Enterprise Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 27.1.9; Nextcloud Server versions prior to 28.0.5; Nextcloud Server versions prior to 29.0.0; Nextcloud Enterprise Server versions prior to 21.0.9.18; Nextcloud Enterprise Server versions prior to 22.2.10.23...

5.7 CVSS · 7.2 AI score · 0.00652 EPSS
Exploits 0 · References 11
CNNVD
added 2023/11/21 12:0 a.m. · 1 views

Duet Display Security Vulnerability

Duet Display is a remote desktop application. A security vulnerability exists in Duet Display version 2.5.9.1 that stems from the presence of an uncontrolled search path element vulnerability. An attacker can place an arbitrary libusk.dll file in the C:\Users\user\AppData\Local\Microsoft\WindowsApps...

7.8 CVSS · 7.7 AI score · 0.0026 EPSS
Exploits 0 · References 2
Vulnrichment
added 2023/11/17 5:3 p.m. · 10 views

CVE-2023-6179 Incorrect Permission assignment to program executable folders

Honeywell ProWatch 4.5, including all Service Pack versions, contains a vulnerability in the Application Server's executable folders. An attacker could potentially exploit this vulnerability, allowing a standard user to achieve arbitrary system code execution. Honeywell recommends updating to the most...

7.8 CVSS · 7.5 AI score · 0.00195 EPSS
Exploits 0 · References 2
CNNVD
added 2023/11/17 12:0 a.m. · 3 views

PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability

PortlandLabs Concrete CMS is a team-oriented open source content management system from the US company PortlandLabs. A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS versions before 8.5.13 and before 9.2.2; the vulnerability stems from the administration page of the...

5.4 CVSS · 6.2 AI score · 0.00587 EPSS
Exploits 0 · References 6