Lucene search

17 matches found

Cvelist
added 2025/11/26 1:9 a.m. · 7 views

CVE-2025-66264 Unquoted Service path in UPSilon2000V6.0 SYSTEM privilege service

The CMService.exe service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker with write privileges to the filesystem to insert a malicious executable in the path, leading to privilege escalation...

CVSS 7.2 · EPSS 0.00018
Exploits 0 · References 1

Veeam
added 2025/09/03 12:0 a.m. · 10 views

How to Configure NFSv4 on IBM AIX

Purpose This article documents steps to enable NFSv4 on IBM AIX to enable backup mount support for Veeam Agent for IBM AIX introduced with Veeam Backup & Replication 13. Solution Part 1: Configure the Host Resolution 1. Open the /etc/netsvc.conf file. 2. Ensure that the hosts parameter is set to...

AI score 6.5
Exploits 0 · Affected Software 1

NVD
added 2025/08/27 10:15 p.m. · 2 views

CVE-2025-34160

AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/start_service accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is...

CVSS 10 · EPSS 0.01953
Exploits 0 · References 5

Cvelist
added 2025/08/27 9:22 p.m. · 5 views

CVE-2025-34160 AnyShare ServiceAgent API Unauthenticated RCE

AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/start_service accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is...

CVSS 10 · EPSS 0.01953
Exploits 0 · References 5

CVE
added 2025/08/27 9:22 p.m. · 14 views

CVE-2025-34160

CVE-2025-34160 affects AnyShare via the ServiceAgent API exposed on port 10250. The endpoint "/api/ServiceAgent/start_service" accepts POST input and fails to sanitize command-like payloads, enabling unauthenticated remote code execution (RCE) when an attacker injects shell syntax that is execute...

CVSS 10 · AI score 8 · EPSS 0.01953
In wild · Exploits 0 · References 5

ATTACKERKB
added 2025/08/27 9:22 p.m. · 4 views

CVE-2025-34160

AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/start_service accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is...

CVSS 10 · AI score 6.6 · EPSS 0.01953
Exploits 0 · References 6

Positive Technologies
added 2025/08/27 12:0 a.m. · 2 views

PT-2025-34943 · Anyshare · Anyshare

Name of the Vulnerable Software and Affected Versions: AnyShare affected versions not specified Description: AnyShare contains a critical unauthenticated remote code execution issue in the ServiceAgent API exposed on port 10250. The /api/ServiceAgent/start_service endpoint accepts user-supplied...

CVSS 10 · AI score 7.7 · EPSS 0.01953
Exploits 0 · References 10

OSV
added 2025/08/19 5:15 p.m. · 0 views

UBUNTU-CVE-2025-38593

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear' Function 'hci_discovery_filter_clear' frees 'uuids' array and then sets it to NULL. There is a tiny chance of the following race: 'hci_cmd_sync_work'...

CVSS 7.8 · AI score 6.5 · EPSS 0.00024
Exploits 0 · References 29

CVE
added 2025/08/19 5:3 p.m. · 30 views

CVE-2025-38593

CVE-2025-38593: Linux kernel Bluetooth HCI double-free in hci_discovery_filter_clear() due to a race with start_service_discovery(); fix adds locking around kfree() and the NULL assignment of uuids. This mitigates a potential use-after-free / slab error and is reflected in multiple vendor advisor...

CVSS 7.8 · AI score 7.1 · EPSS 0.00024
Exploits 0 · References 6 · Affected Software 1

OSV
added 2023/04/10 9:15 p.m. · 1 views

CVE-2023-28093

A user with a compromised configuration can start an unsigned binary as a service...

CVSS 6.5 · AI score 7.1 · EPSS 0.00231
Exploits 0 · References 1

NVD
added 2023/03/14 6:15 a.m. · 15 views

CVE-2023-27498

SAP Host Agent SAPOSCOL - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error. This error can be used to reveal but not modify any technical information about...

CVSS 7.2 · AI score 7 · EPSS 0.00437
Exploits 0 · References 2

OSV
added 2023/03/14 6:15 a.m. · 1 views

CVE-2023-27498

SAP Host Agent SAPOSCOL - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error. This error can be used to reveal but not modify any technical information about...

CVSS 7.2 · AI score 7.1 · EPSS 0.00437
Exploits 0 · References 2

Positive Technologies
added 2023/03/14 12:0 a.m. · 2 views

PT-2023-21173 · Sap · Sap Host Agent

Name of the Vulnerable Software and Affected Versions: SAP Host Agent SAPOSCOL version 7.22 Description: The issue allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request, resulting in a memory corruption error. This...

CVSS 7.2 · AI score 7.1 · EPSS 0.00437
Exploits 0 · References 6

OSV
added 2023/02/14 4:15 a.m. · 1 views

CVE-2023-24523

An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent Start Service - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges. The OS...

CVSS 8.8 · AI score 7.3
Exploits 0 · References 2

CNNVD
added 2023/02/14 12:0 a.m. · 1 views

SAP Host Agent Security Vulnerability

SAP Host Agent is a set of agent programs from SAP, Germany, that support several lifecycle management tasks such as operating system monitoring, database monitoring, and system instance monitoring. A security vulnerability exists in SAP Host Agent Start Service version 7.21 and 7.22. An attacker...

CVSS 8.8 · AI score 8 · EPSS 0.00118
Exploits 0 · References 3

OSV
added 2021/06/24 2:15 p.m. · 0 views

CVE-2021-29951

The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating if an attacker spammed the 'Stop' command; but also...

CVSS 6.5 · AI score 7.3
Exploits 0 · References 4

Tenable Nessus
added 2013/04/20 12:0 a.m. · 33 views

Mandriva Linux Security Advisory : ircd-hybrid (MDVSA-2013:093)

Updated ircd-hybrid packages fix security vulnerability: Bob Nomnomnom reported a Denial of Service vulnerability in IRCD-Hybrid, an Internet Relay Chat server. A remote attacker may use an error in the masks validation and crash the server (CVE-2013-0238). Please note that due to the previously...

CVSS 5 · AI score 5.6 · EPSS 0.39225
Exploits 5 · References 1