25 matches found
CVE-2021-4481 Dräger Protector Software Local Privilege Escalation via Insecure File Permissions
Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure to skip irrelevant instructions when replacing INT3/INTO instructions in KVM:SVM...
CVE-2025-9844
Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable.This issue affects Salesforce CLI: before 2.106.6...
CVE-2025-55581
D-Link DCS-825L firmware version 1.08.01 and possibly prior versions contain an insecure implementation in the mydlink-watch-dog.sh script. The script monitors and respawns the dcp and signalc binaries without validating their integrity, origin, or permissions. An attacker with filesystem access...
Automation Is Redefining Pentest Delivery
Pentesting remains one of the most effective ways to identify real-world security weaknesses before adversaries do. But as the threat landscape has evolved, the way we deliver pentest results hasn't kept pace. Most organizations still rely on traditional reporting methods—static PDFs, emailed...
CVE-2023-28804
An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.This issue affects Linux Client Connector: before 1.4.0.105...
SUSE CVE-2010-3707
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving...
MAL-2023-2321 Malicious code in tkcalenadr (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx b7cf03379278d5958cb3faa876beea8f932ec37224f21479165c81786494fec4 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
PostgreSQL 安全漏洞
PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL, which can be exploited...
Cyclades Serial Console Server 3.3.0 Privilege Escalation
Exploit Title: Cyclades Serial Console Server 3.3.0 - Local Privilege Escalation Date: 09 Feb 2022 Exploit Author: @ibby Vendor Homepage: https://www.vertiv.com/en-us/ Software Link: https://downloads2.vertivco.com/SerialACS/ACS/ACSv3.3.0-16/FL0536-017.zip Version: Legacy Versions V1.0.0 to...
Siemens Sicam Pq Analyzer 代码问题漏洞
SICAM PQ Analyzer is a power quality system software that provides options for evaluating archived PQ measurement data and fault records. A search path vulnerability exists in Siemens SICAM PQ Analyzer, which can be exploited by an attacker with write privileges to plant an executable that will r...
多款Advantech产品安全漏洞
Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. A local elevation of privilege...
PT-2020-16306 · Home · Home Dns Server
Name of the Vulnerable Software and Affected Versions: Home DNS Server version 0.10 Description: An issue was discovered due to insufficient access restrictions in the default installation directory, allowing an attacker to elevate privileges by replacing the HomeDNSServer.exe binary...
CVE-2020-23834
Insecure Service File Permissions in the bd service in Real Time Logic BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the %SYSTEMDRIVE%\bd\bd.exe file. When the computer next starts, the new bd.exe will be run as LocalSystem...
Malicious Package
Overview city-search is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using city-search...
Malicious Package
Overview blacklight-advancedsearch is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
Malicious Package
Overview bardrake is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using bardrake altogethe...
Malicious Package
Overview playing-cards is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using playing-cards...
CVE-2019-19894
In IXP EasyInstall 6.2.13723, it is possible to temporarily disable UAC by using the Agent Service on a client system. An authenticated attacker non-admin can disable UAC for other users by renaming and replacing %SYSTEMDRIVE%\IXP\DATA\IXPAS.IXP...
Quick Heal Technologies Seqrite EndPoint Security Elevation of Privilege Vulnerability
Quick Heal Technologies Seqrite EndPoint Security EPS is a suite of endpoint security protection solutions from Quick Heal Technologies India. The product features device control, vulnerability scanning, patch management and asset management. An elevation of privilege vulnerability exists in Quic...