94 matches found
EUVD-2020-28410
Malware in sbrugna...
EUVD-2024-16005
Malicious code in bioql PyPI...
EUVD-2022-41065
Malicious code in bioql PyPI...
CVE-2025-44002
Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during...
Linux Distros Unpatched Vulnerability : CVE-2017-16664
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System OTRS 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent...
Linux Distros Unpatched Vulnerability : CVE-2019-10067
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker wh...
Trellix System Information Reporter 安全漏洞
Trellix System Information Reporter is a system information cell phone tool from Trellix USA. A security vulnerability exists in Trellix System Information Reporter 1.0.3 and earlier versions, which stems from a path or symbolic link manipulation issue that could lead to a system file overwrite...
CVE-2022-38482
A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4...
Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities
Summary There are vulnerabilities in IBM® Java™, IBM WebSphere Application Server Liberty and Open-Source Software OSS components used by IBM Cognos Analytics. Additionally, IBM Cognos Analytics is vulnerable to Open URL Redirection and Link Manipulation vulnerabilities. For more information abou...
CVE-2020-7283
Privilege Escalation vulnerability in McAfee Total Protection MTP before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on the target machine...
PT-2024-28456
Name of the Vulnerable Software and Affected Versions axios versions 1.3.2 through 1.7.3 Description The issue allows Server-Side Request Forgery SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs. This could lead to internal system access o...
WooCommerce has a Cross-Site Scripting (XSS) Vulnerability in checkout & registration forms
Impact A vulnerability introduced in WooCommerce 8.8 allows for cross-site scripting. A bad actor can manipulate a link to include malicious HTML & JavaScript content. While the content is not saved to the database, the links may be sent to victims for malicious purposes. The injected JavaScript...
GHSA-XC3P-28HW-Q24G Grafana proxy Cross-site Scripting
Today we are releasing Grafana 8.3.5 and 7.5.15. This patch release includes MEDIUM severity security fix for XSS for Grafana. Release v.8.3.5, only containing security fixes: - Download Grafana 8.3.5 - Release notes Release v.7.5.15, only containing security fixes: - Download Grafana 7.5.15 -...
CVE-2024-0206
A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry folder with a symboli...
Code injection
A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry folder with a symboli...
CVE-2024-0206
CVE-2024-0206 affects Trellix Anti-Malware Engine prior to the January 2024 release. The root cause is a symbolic link in the Trellix ENS registry folder that a privileged, authenticated local user can create, which the Engine then follows after a scan, potentially removing files the user should ...
Trellix Anti-Malware Engine Backlink Vulnerability
Trellix Anti-Malware Engine is a security program from FireEye Trellix, Inc. Trellix Anti-Malware Engine version 6700 suffers from a back-link vulnerability that stems from the presence of a symbolic link manipulation vulnerability that allows privilege escalation by authenticated local users...
Hitachi System Management Unit Security Vulnerability
Hitachi System Management Unit is a device used to manage servers and clusters from Hitachi, Japan. A security vulnerability exists in Hitachi System Management Unit SMU versions prior to 14.8.7825.01, which stems from the component's susceptibility to information disclosure via URL manipulation,...
CVE-2023-36085
The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to...
SISQUAL WFM Input Validation Error Vulnerability
SISQUAL WFM is an intelligent software solution from SISQUAL WFM, Inc. enabling companies around the world to forecast, plan and manage their workforce. A security vulnerability exists in SISQUAL WFM versions 7.1.319.103 through 7.1.319.111, which stems from the presence of a Host Header Injectio...