32 matches found
EUVD-2019-7991
Malware in sbrugna...
PT-2025-31532 · Undefined · Undefined
An unrestricted file upload vulnerability exists in Kaseya KServer versions prior to 6.3.0.2. The uploadImage.asp endpoint allows unauthenticated users to upload files to arbitrary paths via a crafted filename parameter in a multipart/form-data POST request. Due to the lack of authentication and...
Command injection
Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution RCE. The remote process execution is bound to the IUSR...
Advantech WebAccess Node Product Installation File Access Control Modification Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privilege on vulnerable installations of Advantech WebAccess Node. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the access...
Design/Logic Flaw
A vulnerability allows local attackers to escalate privilege on Rapid Scada 5.5.0 because of weak C:\SCADA permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacke...
CVE-2018-5313
A vulnerability allows local attackers to escalate privilege on Rapid Scada 5.5.0 because of weak C:\SCADA permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacke...
CVE-2018-5313
A vulnerability allows local attackers to escalate privilege on Rapid Scada 5.5.0 because of weak C:\SCADA permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacke...
Rapid Scada 5.5.0 Insecure Permissions Vulnerability
Exploit for windows platform in category local exploits Rapid Scada - 5.5.0 - Insecure Permissions ------------------------------------------------------- Author: - Filipe Xavier Oliveira: icacls SCADA SCADA BUILTIN\Administrators:IF BUILTIN\Administrators:IOICIIOF NT AUTHORITY\SYSTEM:IF NT...
Trend Micro Mobile Security for Enterprise upload_wallpaper_file Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the uploadwallpaperfile action. The issue...
Trend Micro Mobile Security for Enterprise upload_font_file Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the uploadfontfile action. The issue results...
Trend Micro Control Manager cmdHandlerFileHandling Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within cmdHandlerFileHandling.dll. The issue results from the lack of proper...
Trend Micro Control Manager modDLPViolationCnt_drildown Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within widgetold's modDLPViolationCntdrildown.php script. The issue lies in the...
Trend Micro Control Manager modDLPTemplateMatch_drildown Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within widget's modDLPTemplateMatchdrildown.php script. The issue lies in the lac...
Trend Micro Control Manager download Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within widget's download.php script. The issue lies in the lack of proper...
Trend Micro Control Manager modDLPTemplateMatch_drildown Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within widgetold's modDLPTemplateMatchdrildown.php script. The issue lies in the...
Trend Micro Control Manager download Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within widgetsnew's download.php script. The issue lies in the lack of...
Trend Micro Control Manager importFile Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within widget's importFile.php script. The issue lies in the lack of proper...
Trend Micro Control Manager modDLPViolationCnt_drildown Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within widgetoldSP1's modDLPViolationCntdrildown.php script. The issue lies in th...
Trend Micro Control Manager importFile Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the importFile.php script. The issue lies in the failure to properly...
Trend Micro Control Manager modDLPTemplateMatch_drildown Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within widgetoldSP1's modDLPTemplateMatchdrildown.php script. The issue lies in t...