5048 matches found
CVE-2022-38764
A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker to escalate privileges due to an overly permissive folder on the product installer...
Design/Logic Flaw
A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker to escalate privileges due to an overly permissive folder on the product installer...
CVE-2022-40142
A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. Please note: an attacker mus...
Trend Micro HouseCall Security Vulnerability
Trend Micro HouseCall is a free scanning program from Trend Micro. Use a simple one-click scan to detect all devices connected to your home network and check them for security risks. A security vulnerability exists in Trend Micro HouseCall 1.62.1.1133 and prior versions, which stems from an...
CVE-2022-40337
OASES aka Open Aviation Strategic Engineering System 8.8.0.2 allows attackers to execute arbitrary code via the Open Print Folder menu...
Design/Logic Flaw
OASES aka Open Aviation Strategic Engineering System 8.8.0.2 allows attackers to execute arbitrary code via the Open Print Folder menu...
Open Aviation Strategic Engineering System Security Vulnerability
Valsoft Open Aviation Strategic Engineering System OASES is an aviation engineering and maintenance system from Valsoft Corporation of Canada. A security vulnerability exists in Open Aviation Strategic Engineering System version 8.8.0.2 that could allow an attacker to execute arbitrary code via t...
Enable Media Replace < 4.0.0 - Admin+ Path Traversal
The plugin does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack, for example. When replacing the file, select "Replace the file, use new file name and update...
CVE-2021-44426
An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local /Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to...
CVE-2022-38276
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list...
SQL injection
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotice/list...
AirDisk 7.5.5 Cross Site Scripting
Exploit Title: AirDisk 7.5.5 File Manager Stored XSS Date: Sep 8, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://apps.apple.com/us/developer/felix-yew/id505904424 Software Link: https://apps.apple.com/us/app/airdisk-file-manager/id566530748 Version: 7.5.5 Tested on: iPhone ios 15.6 ...
Download Manager < 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal
The plugin does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory. 1. Navigate to settings page /wp-admin/edit.php?posttype=wpdmpro&page=settings 2. In the “File Browser Root:” setting,...
PT-2022-4663 · Trend Micro · Trend Micro Housecall
Name of the Vulnerable Software and Affected Versions: Trend Micro HouseCall versions 1.62.1.1133 and below Description: The issue is related to incorrect permission assignment, which could allow a local attacker to escalate privileges due to an overly permissive folder in the product installer...
CVE-2022-31262
An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as...