94 matches found
CVE-2022-1256
A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user's %TEMP% directory with System privileges through manipulation...
CVE-2021-25631
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type...
CVE-2020-24562
A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code ...
CVE-2020-24562
Trend Micro OfficeScan XG SP1 on Windows is affected by a local privilege-escalation vulnerability (CVE-2020-24562) that lets an attacker who can execute low-privileged code create a hard link to an arbitrary file, enabling privilege escalation and potential code execution. Public sources in conn...
CVE-2020-24562
A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code ...
IBM API Connect elevation of privilege vulnerability (CNVD-2020-50792)
IBM API Connect is a comprehensive end-to-end API lifecycle solution. An elevation of privilege vulnerability exists in API Manager for IBM API Connect 2018.4.1.0 through 2018.4.1.12, which can be exploited by an invitee of an API provider organization to elevate privileges by manipulating the...
CVE-2020-4638
IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link. IBM X-Force ID: 185508...
Privilege escalation
Privilege Escalation vulnerability in McAfee Total Protection MTP before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on the target machine...
McAfee Endpoint Security for Windows 10.5.x < 10.5.5 Security Hotfix 129256 / 10.6.x < 10.6.1 April 2020 Update / 10.7.x < 10.7.0 April 2020 Update Multiple Vulnerabilities (SB10309)
The version of the McAfee Endpoint Security ENS for Windows installed on the remote Windows host is 10.5.x prior to 10.5.5 Security Hotfix 129256, 10.6.x prior to 10.6.1 April 2020 Update, or 10.7.x prior to 10.7.0 April 2020 Update. It is, therefore, affected by multiple vulnerabilities: - A...
CVE-2020-7250
Symbolic link manipulation vulnerability in McAfee Endpoint Security ENS for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via...
Design/Logic Flaw
Symbolic link manipulation vulnerability in McAfee Endpoint Security ENS for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via...
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilties
Summary Multiple vulnerabilities in Cognos Analytics have been addressed. Vulnerabilities have been addressed in the following 3rd party software components that are consumed by IBM Cognos Analytics: Apache Xerces2, Apache Axis, and Apache POI. Other vulnerabilities have also been addressed...
Privilege escalation
A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 v9.0.1379 and below could potentially allow an attacker to create a symbolic link to a target file and modify it...
V-SOL GPON/EPON OLT Platform 2.03 Link Manipulation
V-SOL GPON/EPON OLT Platform v2.03 Link Manipulation Vulnerability Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Affected version: V2.03.62RIPv6 V2.03.54R V2.03.52R V2.03.49 V2.03.47 V2.03.40 V2.03.26 V2.03.24 V1.8.6 V1.4 Summary: GPON is...
V-SOL GPON/EPON OLT Platform v2.03 Link Manipulation Vulnerability
Summary GPON is currently the leading FTTH standard in broadband access technology being widely deployed by service providers around the world. GPON/EPON OLT products are 1U height 19 inch rack mount products. The features of the OLT are small, convenient, flexible, easy to deploy, high...
DEBIAN-CVE-2019-9751
An issue was discovered in Open Ticket Request System OTRS 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm...
Wavemaker Studio 6.6 - Server-Side Request Forgery
Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery SSRF. Exploit Author: Gionathan "John" Reale Google Dork: N/A Date: 2018-08-01 Vendor Homepage: http://www.wavemaker.com/ Software Link: https://github.com/cloudjee/wavemaker/blob/master/wavemaker/wavemaker-studio/ Affected Version...
Cypserver Directory Traversal Vulnerability
cypserver is a static file server. A directory traversal vulnerability exists in cypserver. An attacker can exploit this vulnerability by placing "... /" in a URL to access the file system...
CVE-2017-15215
Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can for example take over the admin session or change global settings or add/delete links. It is also...
CVE-2016-0308
IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images...