Lucene search
+L

94 matches found

ATTACKERKB
ATTACKERKB
added 2022/04/14 3:15 p.m.5 views

CVE-2022-1256

A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user's %TEMP% directory with System privileges through manipulation...

7.8CVSS7.1AI score0.0025EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2021/05/03 12:15 p.m.49 views

CVE-2021-25631

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type...

9.3CVSS7.3AI score0.0417EPSS
Exploits1References2
NVD
NVD
added 2020/09/29 12:15 a.m.26 views

CVE-2020-24562

A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code ...

7.8CVSS0.00573EPSS
Exploits0References2
CVE
CVE
added 2020/09/28 11:30 p.m.96 views

CVE-2020-24562

Trend Micro OfficeScan XG SP1 on Windows is affected by a local privilege-escalation vulnerability (CVE-2020-24562) that lets an attacker who can execute low-privileged code create a hard link to an arbitrary file, enabling privilege escalation and potential code execution. Public sources in conn...

7.8CVSS7.9AI score0.00573EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/09/28 11:30 p.m.23 views

CVE-2020-24562

A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code ...

8AI score0.00573EPSS
Exploits0References2
CNVD
CNVD
added 2020/09/04 12:0 a.m.4 views

IBM API Connect elevation of privilege vulnerability (CNVD-2020-50792)

IBM API Connect is a comprehensive end-to-end API lifecycle solution. An elevation of privilege vulnerability exists in API Manager for IBM API Connect 2018.4.1.0 through 2018.4.1.12, which can be exploited by an invitee of an API provider organization to elevate privileges by manipulating the...

7.2CVSS7AI score0.01715EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/09/03 1:55 p.m.25 views

CVE-2020-4638

IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulnerable to privilege escalation. An invitee to an API Provider organization can escalate privileges by manipulating the invitation link. IBM X-Force ID: 185508...

7.2CVSS7AI score0.01715EPSS
Exploits0References2
Prion
Prion
added 2020/07/03 2:15 p.m.18 views

Privilege escalation

Privilege Escalation vulnerability in McAfee Total Protection MTP before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on the target machine...

4.6CVSS8.2AI score0.00616EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/04/24 12:0 a.m.112 views

McAfee Endpoint Security for Windows 10.5.x < 10.5.5 Security Hotfix 129256 / 10.6.x < 10.6.1 April 2020 Update / 10.7.x < 10.7.0 April 2020 Update Multiple Vulnerabilities (SB10309)

The version of the McAfee Endpoint Security ENS for Windows installed on the remote Windows host is 10.5.x prior to 10.5.5 Security Hotfix 129256, 10.6.x prior to 10.6.1 April 2020 Update, or 10.7.x prior to 10.7.0 April 2020 Update. It is, therefore, affected by multiple vulnerabilities: - A...

8.4CVSS6.3AI score0.00636EPSS
Exploits0References12
NVD
NVD
added 2020/04/15 1:15 p.m.20 views

CVE-2020-7250

Symbolic link manipulation vulnerability in McAfee Endpoint Security ENS for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via...

8.2CVSS8.4AI score0.00391EPSS
Exploits0References1
Prion
Prion
added 2020/04/15 1:15 p.m.21 views

Design/Logic Flaw

Symbolic link manipulation vulnerability in McAfee Endpoint Security ENS for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via...

4.6CVSS7.8AI score0.00391EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/01/09 3:48 p.m.35 views

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilties

Summary Multiple vulnerabilities in Cognos Analytics have been addressed. Vulnerabilities have been addressed in the following 3rd party software components that are consumed by IBM Cognos Analytics: Apache Xerces2, Apache Axis, and Apache POI. Other vulnerabilities have also been addressed...

7.8CVSS0.6AI score0.17461EPSS
Exploits3Affected Software1
Prion
Prion
added 2019/12/24 2:15 p.m.15 views

Privilege escalation

A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 v9.0.1379 and below could potentially allow an attacker to create a symbolic link to a target file and modify it...

5CVSS7.7AI score0.03158EPSS
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2019/09/26 12:0 a.m.259 views

V-SOL GPON/EPON OLT Platform 2.03 Link Manipulation

V-SOL GPON/EPON OLT Platform v2.03 Link Manipulation Vulnerability Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Affected version: V2.03.62RIPv6 V2.03.54R V2.03.52R V2.03.49 V2.03.47 V2.03.40 V2.03.26 V2.03.24 V1.8.6 V1.4 Summary: GPON is...

7.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2019/09/26 12:0 a.m.340 views

V-SOL GPON/EPON OLT Platform v2.03 Link Manipulation Vulnerability

Summary GPON is currently the leading FTTH standard in broadband access technology being widely deployed by service providers around the world. GPON/EPON OLT products are 1U height 19 inch rack mount products. The features of the OLT are small, convenient, flexible, easy to deploy, high...

9.8CVSS5.9AI score0.00373EPSS
Exploits1
OSV
OSV
added 2019/03/13 10:29 p.m.5 views

DEBIAN-CVE-2019-9751

An issue was discovered in Open Ticket Request System OTRS 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm...

4.8CVSS7AI score0.00812EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2018/08/06 12:0 a.m.59 views

Wavemaker Studio 6.6 - Server-Side Request Forgery

Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery SSRF. Exploit Author: Gionathan "John" Reale Google Dork: N/A Date: 2018-08-01 Vendor Homepage: http://www.wavemaker.com/ Software Link: https://github.com/cloudjee/wavemaker/blob/master/wavemaker/wavemaker-studio/ Affected Version...

7.4AI score
Exploits0
CNVD
CNVD
added 2018/06/08 12:0 a.m.3 views

Cypserver Directory Traversal Vulnerability

cypserver is a static file server. A directory traversal vulnerability exists in cypserver. An attacker can exploit this vulnerability by placing "... /" in a URL to access the file system...

7.5CVSS7.5AI score0.02005EPSS
Exploits1References1
OSV
OSV
added 2017/10/11 1:32 a.m.11 views

CVE-2017-15215

Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can for example take over the admin session or change global settings or add/delete links. It is also...

6.1CVSS6.2AI score
Exploits0References3
OSV
OSV
added 2017/02/08 10:59 p.m.2 views

CVE-2016-0308

IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images...

4.3CVSS5.7AI score0.00665EPSS
Exploits0References2
Rows per page
Query Builder