448 matches found
CVE-2024-12754
AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...
CVE-2024-53781 WordPress SpatialMatch IDX plugin <= 3.0.9 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in homejunction SpatialMatch IDX spatialmatch-free-lifestyle-search allows Stored XSS.This issue affects SpatialMatch IDX: from n/a through = 3.0.9...
PT-2024-35894 · Home Junction · Spatialmatch Idx
Name of the Vulnerable Software and Affected Versions: Home Junction SpatialMatch IDX versions n/a through 3.0.9 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
CVE-2024-7243
Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...
CVE-2024-7243
Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...
CVE-2024-7242
Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...
CVE-2024-7242
Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...
CVE-2024-7241
Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...
CVE-2024-7242 Panda Security Dome Link Following Local Privilege Escalation Vulnerability
Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...
CVE-2024-7242 Panda Security Dome Link Following Local Privilege Escalation Vulnerability
Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...
CVE-2024-7242
CVE-2024-7242 is a local privilege escalation impacting Panda Security Dome. The flaw exists in the PSANHost executable: an attacker who can run low-privileged code can create a junction to abuse the service, enabling deletion of arbitrary files and escalation to SYSTEM, potentially enabling arbi...
CVE-2024-7243 Panda Security Dome Link Following Local Privilege Escalation Vulnerability
Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...
Guest OS File Restore Fails on Self-Referencing Junction Points
Challenge Using Guest OS File Restore to restore a folder containing a junction point that redirects back to the initial folder fails with the error: Win32 error:The name of the file cannot be resolved by the system. Code: 1921 For example, attempting to restore a user's AppData folder the restor...
PT-2024-10228 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on...
CVE-2024-7987
A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability and a threat actor must abuse the ThinServer™ service by creating a junction and use it to...
CVE-2024-7987
A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability and a threat actor must abuse the ThinServer™ service by creating a junction and use it to...
CVE-2024-7987
Rockwell Automation ThinManager ThinServer contains a remote code execution vulnerability (CVE-2024-7987) exposed by the ThinServer service. The issue arises from Incorrect Permission Assignment for a Critical Resource, enabling an attacker to execute arbitrary code with SYSTEM privileges by abus...
CVE-2024-7987 Rockwell Automation ThinManager® ThinServer™ Information Disclosure and Remote Code Execution Vulnerabilities
A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability and a threat actor must abuse the ThinServer™ service by creating a junction and use it to...
CVE-2024-7987 Rockwell Automation ThinManager® ThinServer™ Information Disclosure and Remote Code Execution Vulnerabilities
A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability and a threat actor must abuse the ThinServer™ service by creating a junction and use it to...
CVE-2024-7986
A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer™ service to read arbitrary files by creating a junction that points to the target directo...