CVE-2022-23805

A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged...

CVE-2022-23805

A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged...

CVE-2021-44204

Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 Windows before build 28035, Acronis Agent Windows before build 27147, Acronis Cyber Protect Home Office Windows before build 39612, Acronis True Image 202...

CVE-2021-44204

Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 Windows before build 28035, Acronis Agent Windows before build 27147, Acronis Cyber Protect Home Office Windows before build 39612, Acronis True Image 202...

Improper access control

Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 Windows before build 28035, Acronis Agent Windows before build 27147, Acronis Cyber Protect Home Office Windows before build 39612, Acronis True Image 202...

Information disclosure

A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged...

CVE-2021-44204 Local privilege escalation via named pipe due to improper access control checks

Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 Windows before build 28035, Acronis Agent Windows before build 27147, Acronis Cyber Protect Home Office Windows before build 39612, Acronis True Image 202...

CVE-2021-44204

The CVE-2021-44204 entry concerns a local privilege escalation via named pipes caused by improper access control checks. Affected Windows products and builds include: Acronis Cyber Protect 15 before 28035, Acronis Agent before 27147, Acronis Cyber Protect Home Office before 39612, and Acronis Tru...

Acronis 多款产品安全漏洞

Acronis Cyber Protect and others are products of Acronis Singapore.Acronis Cyber Protect is a network protection product.Acronis True Image is a famous data backup and restore software.Acronis Agent is an agent software. A security vulnerability exists in several Acronis products that stems from...

Mageia: Security Advisory (MGASA-2020-0110)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-23935

lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file = /|$/ check, leading to command injection...

DEBIAN-CVE-2022-23935

lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file = /|$/ check, leading to command injection...

Inject-Assembly - Inject .NET Assemblies Into An Existing Process

This tool is an alternative to traditional fork and run execution for Cobalt Strike. The loader can be injected into any process, including the current Beacon. Long-running assemblies will continue to run and send output back to the Beacon, similar to the behavior of execute-assembly. There are t...

pipe-s.ru Cross Site Scripting vulnerability OBB-2335399

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2021-45441

A origin validation error vulnerability in Trend Micro Apex One on-prem and SaaS could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to...

Controlup Real-Time Agent Command Injection Vulnerability

Controlup Real-Time Agent is a real-time agent from Controlup USA. The Controlup Real-Time Agent suffers from a command injection vulnerability that originates from an unauthenticated named pipe channel in the Controlup Real-Time Agent, which can be exploited by an attacker to run operating syste...

CVE-2021-45912

An unauthenticated Named Pipe channel in Controlup Real-Time Agent cuAgent.exe before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method...

CVE-2021-45912

An unauthenticated Named Pipe channel in Controlup Real-Time Agent cuAgent.exe before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method...

Command injection

An unauthenticated Named Pipe channel in Controlup Real-Time Agent cuAgent.exe before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method...

CVE-2021-45912

Controlup Real-Time Agent (cuAgent.exe) exposes an unauthenticated Named Pipe channel that, before version 8.5, allows an attacker to execute OS commands via the ProcessActionRequest WCF method. Impact is local and could enable command execution with the attacker’s privileges. Remediation per sou...