5048 matches found

Prion
added 2022/08/17 3:15 p.m. · 17 views

Privilege escalation

An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as...

CVSS 4.3 · AI score 7.8 · EPSS 0.0048
Exploits: 2 · References: 4 · Affected Software: 1
Cvelist
added 2022/08/17 2:37 p.m. · 18 views

CVE-2022-31262

An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as...

AI score 8.1 · EPSS 0.0048
Exploits: 2 · References: 4
Positive Technologies
added 2022/08/17 12:0 a.m. · 6 views

PT-2022-20650 · Gog · Gog Galaxy

Name of the Vulnerable Software and Affected Versions: GOG Galaxy versions 2.0.46 through 2.0.51
Description: An exploitable local privilege escalation issue exists due to insufficient folder permissions. An attacker can hijack the %ProgramData%\GOG.com folder structure and change the...

CVSS 7.8 · AI score 7.8 · EPSS 0.0048
Exploits: 2 · References: 8
Citrix
added 2022/08/17 12:0 a.m. · 6 views

Reduce logon time with Profile Management

Profile Management provides various features to improve logon performance. Examples are Profile streaming, Enable profile streaming for folders, Accelerate folder mirroring, Enable the Profile container for the entire user profile, and more. These features are helpful in scenarios where profiles...

AI score 7
Exploits: 0
CNNVD
added 2022/08/17 12:0 a.m. · 4 views

GOG Galaxy Security Vulnerability

GOG Galaxy is a game client program from the Polish company GOG. The program is used to install, launch and update games. A security vulnerability exists in GOG Galaxy version 2.0.46, which stems from the presence of an exploitable local privilege escalation vulnerability that, due to insufficient folder...

CVSS 7.8 · AI score 7.6 · EPSS 0.0048
Exploits: 2 · References: 5
Positive Technologies
added 2022/08/16 12:0 a.m. · 7 views

PT-2022-4364 · Ge Digital · Proficy Machine Edition

Name of the Vulnerable Software and Affected Versions: Proficy Machine Edition versions 9.00 and prior
Description: The issue is related to an unrestricted upload of files with dangerous types. This allows an attacker to upload and execute malicious files in the target system. The vulnerability i...

CVSS 7.8 · AI score 7.4 · EPSS 0.0018
Exploits: 0 · References: 6
CNNVD
added 2022/08/16 12:0 a.m. · 4 views

Emerson Proficy Machine Edition Code Issue Vulnerability

Emerson Proficy Machine Edition is an automation software application from Emerson Electric USA, Inc. A code issue vulnerability exists in Emerson Proficy Machine Edition 9.00 and prior versions that originates from uploading any file written to the PLC logical folder to a connected P...

CVSS 7.8 · AI score 7.5 · EPSS 0.0018
Exploits: 0 · References: 4
OSV
added 2022/08/15 8:15 p.m. · 3 views

CVE-2020-21641

Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file...

CVSS 7.5 · AI score 5.9 · EPSS 0.04305
Exploits: 0 · References: 1
CNNVD
added 2022/08/15 12:0 a.m. · 3 views

ZOHO ManageEngine Analytics Plus Code Issue Vulnerability

ZOHO ManageEngine Analytics Plus is a self-service IT analytics solution from ZOHO India. Get a better view of your IT data with rich visualizations and dashboards. A security vulnerability exists in ZOHO ManageEngine Analytics Plus versions prior to 4.3.5. A remote attacker can exploit the...

CVSS 7.5 · AI score 7.6 · EPSS 0.04305
Exploits: 0 · References: 2
Wired Threat Level
added 2022/08/14 11:0 a.m. · 13 views

How to Create a Secure Folder on Your Phone

Keep private photos, videos, and documents away from prying eyes...

AI score 1.9
Exploits: 0
Fedora
added 2022/08/14 3:1 a.m. · 72 views

[SECURITY] Fedora 35 Update: owncloud-client-2.10.1-1.fc35

Owncloud-client enables you to connect to your private ownCloud Server. With it you can create folders in your home directory, and keep the contents of those folders synced with your ownCloud server. Simply copy a file into the directory and the ownCloud Client does the rest...

CVSS 7.8 · AI score 2.3 · EPSS 0.02749
Exploits: 0
CNNVD
added 2022/08/01 12:0 a.m. · 4 views

Bolt CMS Input Validation Error Vulnerability

Bolt CMS is an open source PHP-based content management system for the BOLT community. An input validation error vulnerability exists in Bolt CMS version 5.1.7, which stems from the folder name parameter being found to have incorrect input validation, allowing an attacker to perform directory...

CVSS 9.1 · AI score 8.2 · EPSS 0.00737
Exploits: 0 · References: 3
OpenVAS
added 2022/07/29 12:0 a.m. · 23 views

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2022-2156)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8 · AI score 8.2 · EPSS 0.00782
Exploits: 0 · References: 2
Cvelist
added 2022/07/27 5:59 p.m. · 24 views

CVE-2022-34121

Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php...

AI score 7.7 · EPSS 0.02955
Exploits: 1 · References: 2
OSV
added 2022/07/23 3:15 a.m. · 2 views

CVE-2022-36415

A DLL hijacking vulnerability exists in the uninstaller in Scooter Beyond Compare 1.8a through 4.4.2 before 4.4.3 when installed via the EXE installer. The uninstaller attempts to load DLLs out of a Windows Temp folder. If a standard user places malicious DLLs in the C:\Windows\Temp\ folder, and...

CVSS 7.8 · AI score 7.2 · EPSS 0.0021
Exploits: 0 · References: 1
Prion
added 2022/07/23 3:15 a.m. · 13 views

Spoofing

A DLL hijacking vulnerability exists in the uninstaller in Scooter Beyond Compare 1.8a through 4.4.2 before 4.4.3 when installed via the EXE installer. The uninstaller attempts to load DLLs out of a Windows Temp folder. If a standard user places malicious DLLs in the C:\Windows\Temp\ folder, and...

CVSS 4.4 · AI score 7.6 · EPSS 0.0021
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2022/07/23 12:0 a.m. · 0 views

Scooter Software Beyond Compare Code Issue Vulnerability

Scooter Software Beyond Compare is content comparison software from Scooter Software. A security vulnerability exists in Scooter Software Beyond Compare versions 1.8a through 4.4.2 prior to 4.4.3 that originates from a DLL hijacking vulnerability in the uninstaller when installing the progra...

CVSS 7.8 · AI score 7.3 · EPSS 0.0021
Exploits: 0 · References: 2
ATTACKERKB
added 2022/07/18 1:15 p.m. · 3 views

CVE-2022-32450

AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder used for ad.trace and chat but the product runs as SYSTEM when writing chat-room data there...

CVSS 7.1 · AI score 7.1 · EPSS 0.00537
Exploits: 1 · References: 5
ATTACKERKB
added 2022/07/18 1:15 p.m. · 3 views

CVE-2022-24688

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload and consequently Remote Code Execution via PDF upload with PHP content and a .php extension. The attacker must hijack or obtain privileged user access to the Parameters page in order...

CVSS 8.8 · AI score 6.8 · EPSS 0.02623
Exploits: 1 · References: 3
Cvelist
added 2022/07/18 12:34 p.m. · 15 views

CVE-2022-24688

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload and consequently Remote Code Execution via PDF upload with PHP content and a .php extension. The attacker must hijack or obtain privileged user access to the Parameters page in order...

AI score 9.2 · EPSS 0.02623
Exploits: 1 · References: 2