Lucene search
K

180 matches found

CNNVD
CNNVD
added 2021/12/16 12:0 a.m.6 views

Mitsubishi Electric GX Works2 安全漏洞

The Mitsubishi Electric GX Works2 is a programmable controller from Mitsubishi Electric Japan. The Mitsubishi Electric GX Works2 contains a security vulnerability that can be exploited by an attacker to tamper with program files in the Mitsubishi Electric PLC by sending maliciously crafted packet...

7.5CVSS7.4AI score0.02711EPSS
Exploits0References7
Packet Storm
Packet Storm
added 2021/02/08 12:0 a.m.229 views

Trojan-Spy.Win32.WinSpy.vwl Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0187e62ca40cb3d556a2c5825620bd8f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.WinSpy.vwl Vulnerability: Insecure Permissions EoP Description: WinSpy.vwl create t...

7.4AI score
Exploits0
OSV
OSV
added 2020/12/14 9:15 p.m.5 views

CVE-2020-25234

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3, LOGO! Soft Comfort All versions V8.3. The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions UDF in a password protected way. This...

7.7CVSS7AI score0.00301EPSS
Exploits0References1
OSV
OSV
added 2020/12/14 9:15 p.m.2 views

CVE-2020-25231

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3, LOGO! Soft Comfort All versions V8.3. The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential information from protected program fil...

5.5CVSS6.6AI score0.0017EPSS
Exploits0References1
NVD
NVD
added 2020/12/14 9:15 p.m.23 views

CVE-2020-25231

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3, LOGO! Soft Comfort All versions V8.3. The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential information from protected program fil...

5.5CVSS6.2AI score0.0017EPSS
Exploits0References1
Prion
Prion
added 2020/12/14 9:15 p.m.21 views

Information disclosure

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3, LOGO! Soft Comfort All versions V8.3. The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions UDF in a password protected way. This...

3.6CVSS7.9AI score0.00301EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/12/14 9:5 p.m.23 views

CVE-2020-25231

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3, LOGO! Soft Comfort All versions V8.3. The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential information from protected program fil...

5.2AI score0.0017EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2020/08/05 3:47 p.m.416 views

Microsoft Teams Patch Bypass Allows RCE

COVID-19 has spurred the use of videoconferencing for businesses worldwide – and this expanded threat surface has lured attackers like moths to a flame. Adding insult to injury, researchers have recently discovered a workaround for a previous patch issued for Microsoft Teams, that would allow a...

0.2AI score0.26869EPSS
Exploits0References7
OSV
OSV
added 2020/06/16 1:15 p.m.2 views

CVE-2020-13431

I2P before 0.9.46 allows local users to gain privileges via a Trojan horse I2PSvc.exe file because of weak permissions on a certain %PROGRAMFILES% subdirectory...

7.8CVSS7.1AI score0.00309EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2020/02/11 12:0 a.m.157 views

freeFTPd 1.0.13 Unquoted Service Path

Exploit Title: freeFTPd v1.0.13 - 'freeFTPdService' Unquoted Service Path Exploit Author: boku Date: 2020-02-10 Vendor Homepage: http://www.freesshd.com Software Link: http://www.freesshd.com/freeFTPd.exe Version: 1.0.13 Tested On: Windows 10 32-bit C:\Users\nightelfwmic service get name, pathnam...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2019/07/15 10:26 a.m.38 views

Razer US: Synapse 2.21 - DLL Hijacking vulnerability

Description of Vulnerability: When Razer Synapse starts on a Windows machine it tries to load a DLL RazerConfigNative.dll from the C:\ProgramData\Razer\Synapse\Devices directory. If a malicious attacker puts the malicious DLL in that directory, Razer Synapse will load it and run the code found in...

0.9AI score
Exploits0
Cvelist
Cvelist
added 2019/06/03 6:22 p.m.27 views

CVE-2019-3567

In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions. Under those circumstances osquery will load said malicious executable with SYSTEM permission...

8.1AI score0.0166EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2018/10/09 12:0 a.m.476 views

Seqrite End Point Security 7.4 - Privilege Escalation

Exploit Title: Seqrite End Point Security 7.4 - Privilege Escalation Date: 2018-09-13 Exploit Author: Hashim Jawad - @ihack4falafel Vendor Homepage: https://www.seqrite.com/ Tested on: Windows 7 Enterprise SP1 x64 CVE: CVE-2018-17775 Description: Seqrite End Point Security v7.4 installs by defaul...

7.8CVSS7.8AI score0.01027EPSS
Exploits3
OSV
OSV
added 2018/07/13 5:29 p.m.4 views

CVE-2018-7535

An issue was discovered in TotalAV v4.1.7. An unprivileged user could modify or overwrite all of the product's files because of weak permissions Everyone:F under %PROGRAMFILES%, which allows local users to gain privileges or obtain maximum control over the product...

7.8CVSS5.8AI score0.00284EPSS
Exploits1References1
CNVD
CNVD
added 2018/05/09 12:0 a.m.1 views

Cylance CylancePROTECT Privilege Extraction Vulnerability

Cylance CylancePROTECT is a suite of endpoint security protection software from Cylance USA. The software is capable of preventing ransomware, malware, and other attacks. A security vulnerability exists in Cylance CylancePROTECT versions prior to 1470, which stems from a user having...

7.8CVSS6.7AI score0.0055EPSS
Exploits1References1
CVE
CVE
added 2018/04/05 9:0 p.m.74 views

CVE-2017-14468

CVE-2017-14468 is an improper access control vulnerability affecting the Allen-Bradley MicroLogix 1400 Series B FRN 21.2 and earlier. The flaw resides in the data, program, and function file permissions, allowing unauthenticated packets to trigger reads/writes that disclose sensitive information,...

10CVSS9.2AI score0.37317EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2017/11/09 9:29 p.m.3 views

CVE-2017-16757

Hola VPN 1.34 has weak permissions Everyone:F under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file...

7.8CVSS5.8AI score0.00398EPSS
Exploits3References2
OSV
OSV
added 2017/10/16 5:29 p.m.2 views

CVE-2017-15383

Nero 7.10.1.0 has an unquoted BINARYPATHNAME for NBService, exploitable via a Trojan horse Nero.exe file in the %PROGRAMFILESx86%\Nero directory...

7.8CVSS5.8AI score0.00456EPSS
Exploits0References2
CNVD
CNVD
added 2017/03/21 12:0 a.m.1 views

DeepService SSL VPN suffers from a local power lifting vulnerability

EasyConnect enables you to use all the systems and applications on your company's intranet outside the office. The EasyConnect PC Client version 7.1.0.4 has an exe hijacking vulnerability due to a space in the binary path Program Files and the entire path is not enclosed in double quotes, which...

7.9AI score
Exploits0
CNVD
CNVD
added 2016/11/08 12:0 a.m.4 views

Elevation of Privilege Vulnerability in Various Siemens Products (CNVD-2016-10732)

Founded in 1847, Siemens AG of Germany focuses on electrification, automation and digitalization. Siemens holds leading positions in offshore wind turbine construction, gas and steam turbine power generation, transmission solutions, infrastructure solutions, industrial automation, drives and...

6.9CVSS6.8AI score0.00378EPSS
Exploits0References1
Rows per page
Query Builder