
7876 matches found

Positive Technologies
added 2022/05/03 12:0 a.m. · 4 views

PT-2022-19230 · Unknown · Contents To Window

Name of the Vulnerable Software and Affected Versions: Contents To Window versions prior to SMR May-2022 Release 1 Description: The issue is related to improper access control, allowing a physical attacker to install a package before the completion of the Setup wizard. This can be exploited by a...

CVSS 4.6 · AI score 4.3 · EPSS 0.00101
Exploits 0 · References 4

NVD
added 2022/04/25 4:16 p.m. · 40 views

CVE-2022-0363

The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts...

CVSS 4.3 · EPSS 0.00333
Exploits 1 · References 1

BDU FSTEC
added 2022/04/25 12:0 a.m. · 3 views

The vulnerability of the dsa_sign_setup function in the OpenSSL library, which relates to the disclosure of protected information, allows attackers to circumvent cryptographic mechanisms used for encryption protection.

The vulnerability of the dsa_sign_setup function in the OpenSSL library is related to the exposure of protected information. Exploiting this vulnerability could allow an attacker to circumvent the cryptographic mechanisms used for encryption protection...

CVSS 5.5 · AI score 6.8 · EPSS 0.01174
Exploits 1 · References 69 · Affected Software 5

OSV
added 2022/04/24 9:31 p.m. · 17 views

GSD-2022-1001649 spi: cadence-quadspi: fix protocol setup for non-1-1-X operations

spi: cadence-quadspi: fix protocol setup for non-1-1-X operations This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.35 by commit...

AI score 7.2
Exploits 0

OSV
added 2022/04/20 4:15 p.m. · 6 views

CVE-2021-43986

The setup program for the affected product configures its files and folders with full access, which may allow unauthorized users permission to replace original binaries and achieve privilege escalation...

CVSS 7 · AI score 5.8 · EPSS 0.00165
Exploits 0 · References 1

NVD
added 2022/04/20 4:15 p.m. · 30 views

CVE-2021-43986

The setup program for the affected product configures its files and folders with full access, which may allow unauthorized users permission to replace original binaries and achieve privilege escalation...

CVSS 7 · EPSS 0.00165
Exploits 0 · References 1

CVE
added 2022/04/20 3:30 p.m. · 93 views

CVE-2021-43986

CVE-2021-43986 affects FANUC ROBOGUIDE (simulation platform). The issue stems from the setup program configuring files/folders with full access, allowing an attacker with SYSTEM-level access to overwrite binaries and escalate privileges. This is part of a broader set of ROBOGUIDE vulnerabilities ...

CVSS 7 · AI score 6.4 · EPSS 0.00165
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2022/04/20 3:30 p.m. · 29 views

CVE-2021-43986 ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform

The setup program for the affected product configures its files and folders with full access, which may allow unauthorized users permission to replace original binaries and achieve privilege escalation...

CVSS 6 · AI score 7 · EPSS 0.00165
Exploits 0 · References 1

Positive Technologies
added 2022/04/20 12:0 a.m. · 5 views

PT-2022-11966 · Fanuc · Roboguide

Name of the Vulnerable Software and Affected Versions: Affected product affected versions not specified Description: The setup program for the affected product configures its files and folders with full access, which may allow unauthorized users permission to replace original binaries and achieve...

CVSS 7 · AI score 6.7 · EPSS 0.00165
Exploits 0 · References 4

CNNVD
added 2022/04/19 12:0 a.m. · 3 views

Veritas NetBackup cross-site scripting vulnerability

Veritas NetBackup is a storage service used by Veritas, Inc. to provide backup and recovery capabilities for enterprise environments. Veritas NetBackup OpsCenter Analytics version 9.1 is vulnerable to a cross-site scripting vulnerability caused by a failure to effectively escape and filter the...

CVSS 5.4 · AI score 5.2 · EPSS 0.00425
Exploits 0 · References 4

Positive Technologies
added 2022/04/19 12:0 a.m. · 10 views

PT-2022-13577 · Siteground · Siteground Security Plugin

Name of the Vulnerable Software and Affected Versions: SiteGround Security plugin for WordPress versions up to, and including, 1.2.5 Description: The issue allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up. This enables...

CVSS 9.8 · AI score 9.5 · EPSS 0.02878
Exploits 3 · References 6

Citrix
added 2022/04/19 12:0 a.m. · 12 views

CWA 2202 : Published desktop fails to launch when CWA is used

-- Issue with CWA only -- Same endpoint works when same VDA is launched from Store URL -- Issue with 1 end point only -- Never worked on the CWA -- First time set up Details...

AI score 7.1
Exploits 0

CNNVD
added 2022/04/18 12:0 a.m. · 5 views

ZOHO ManageEngine ADSelfService Plus security vulnerability

An information disclosure exists in Zoho ManageEngine ADSelfService Plus, ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A vulnerability exists in Zoho ManageEngine ADSelfService Plus, which stems from the disclosure of...

CVSS 8.8 · AI score 5.6 · EPSS 0.07724
Exploits 4 · References 6

Kitploit
added 2022/04/17 9:30 p.m. · 48 views

linWinPwn - A Bash Script That Automates A Number Of Active Directory Enumeration And Vulnerability Checks

linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks. The script leverages and is dependent on a number of tools including: impacket, bloodhound, crackmapexec, ldapdomaindump, lsassy, smbmap, kerbrute, adidnsdump. Setup Git clone the reposito...

AI score 7.6
Exploits 0 · References 14

Positive Technologies
added 2022/04/15 12:0 a.m. · 4 views

PT-2022-7390

Name of the Vulnerable Software and Affected Versions Bitrix versions prior to 7.5.0 Description The issue is related to the unrestricted upload of dangerous file types in the "1C-Bitrix: Virtual Machine" VMBitrix virtual server. This can be exploited by a remote attacker to execute arbitrary cod...

CVSS 10 · AI score 7.6
Exploits 0 · References 9

Kitploit
added 2022/04/11 9:30 p.m. · 18 views

EvilSelenium - A Tool That Weaponizes Selenium To Attack Chromium Based Browsers

EvilSelenium is a new project that weaponizes Selenium to abuse Chromium-based browsers. The current features right now are: Steal stored credentials via autofill; Steal cookies; Take screenshots of websites; Dump Gmail/O365 emails; Dump WhatsApp messages; Download & exfiltrate files; Add SSH keys to...

AI score 7
Exploits 0 · References 2

OSV
added 2022/04/10 9:15 p.m. · 2 views

CVE-2022-27293

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 2

Veracode
added 2022/04/10 2:1 p.m. · 26 views

Use-After-Free

Live555 through 1.08 does not handle Matroska and Ogg files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash...

CVSS 6.5 · AI score 1.3 · EPSS 0.0119
Exploits 1 · References 4 · Affected Software 1

RedHat Linux
added 2022/04/07 6:6 p.m. · 5 views

envoy: Use-after-free when tunneling TCP over HTTP

A flaw was found in envoy. If a downstream source disconnects during upstream connection establishment when tunneling TCP over HTTP, a use-after-free can occur, resulting in a denial of service...

CVSS 7.5 · AI score 5.7 · EPSS 0.01021
Exploits 0 · References 5

RedHat Linux
added 2022/04/07 6:2 p.m. · 1 views

envoy: Use-after-free when tunneling TCP over HTTP

A flaw was found in envoy. If a downstream source disconnects during upstream connection establishment when tunneling TCP over HTTP, a use-after-free can occur, resulting in a denial of service...

CVSS 7.5 · AI score 5.7 · EPSS 0.01021
Exploits 0 · References 5