299 matches found
CVE-2023-32163
Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system...
CVE-2023-35719
ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not...
Wacom driver link following vulnerability
Wacom driver is a driver for connecting and managing platform computers. A link following vulnerability exists in Wacom Drivers for Windows. It stems from a specific flaw in the Tablet PC service: by creating symbolic links, an attacker can abuse the service to create files, which can be exploited to elevate...
ZOHO ManageEngine ADSelfService Plus Data Forgery Issue Vulnerability
ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A data forgery vulnerability exists in ZOHO ManageEngine ADSelfService Plus that stems from a lack of proper authentication of data...
PT-2023-21079 · Openssl +1 · Openssl +1
Name of the Vulnerable Software and Affected Versions: 3CX (affected versions not specified). Description: This issue allows local attackers to escalate privileges on affected installations of 3CX. An attacker must first obtain the ability to execute low-privileged code on the target system in order...
PT-2023-23649 · Vipre · Vipre Antivirus Plus
Name of the Vulnerable Software and Affected Versions: VIPRE Antivirus Plus (affected versions not specified). Description: This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target syste...
CVE-2023-28079
PowerPath for Windows, versions 7.0, 7.1 & 7.2, contains an Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM...
Vulnerabilities fixed in Dell EMC Powerpath
Dell has fixed vulnerabilities in Powerpath. A local malicious person could exploit the vulnerabilities to grant themselves elevated privileges and execute code with SYSTEM privileges, or to gain access to the license key and thereby perform unauthorized new installations. Dell has released updat...
Researchers Uncover New Exploit for PaperCut Vulnerability That Can Bypass Detection
Cybersecurity researchers have found a way to exploit a recently disclosed critical flaw in PaperCut servers in a manner that bypasses all current detections. Tracked as CVE-2023-27350 (CVSS score: 9.8), the issue affects PaperCut MF and NG installations that could be exploited by an unauthenticate...
Vulnerabilities fixed in Microsoft SQL Server
Microsoft has fixed vulnerabilities in MS SQL Server. The vulnerabilities allow a malicious person to execute arbitrary code with SYSTEM privileges. To exploit the vulnerabilities, the malicious party must entice a user of SQL Server to open a rogue query and...
CVE-2023-28500
A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL. Adobe LiveCycle ES4 version 11.0.1 and later may...
CVE-2023-22336
Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22344 vulnerabilitie...
CVE-2023-22344
Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and execute it. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22336...
PT-2023-3793 · NetGear · Netgear Prosafe Network Management System
Name of the Vulnerable Software and Affected Versions: NETGEAR ProSAFE Network Management System (affected versions not specified). Description: The issue is related to the SettingConfigController class in the NETGEAR ProSAFE Network Management System, which lacks an authorization procedure. This...
CVE-2022-41141
This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of...
CVE-2022-33922
Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folder Permissions vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. Dell recommends customers to upgrade at the earlie...
PT-2022-21911 · Dell · Dell Geodrive
Name of the Vulnerable Software and Affected Versions: Dell GeoDrive versions prior to 2.2. Description: The issue is related to Insecure File and Folder Permissions, which could be exploited by a low privilege attacker to execute arbitrary code in the SYSTEM security context. Recommendations: For...
Kepware KEPServerEX Security Vulnerability
Kepware Kepserverex is a software application from Kepware USA that communicates with a wide range of industrial equipment. The software supports more than 150 communication protocols and supports the delivery of reliable real-time data to organizations through a single platform. A security...
PT-2022-20650 · Gog · Gog Galaxy
Name of the Vulnerable Software and Affected Versions: GOG Galaxy versions 2.0.46 through 2.0.51. Description: An exploitable local privilege escalation issue exists due to insufficient folder permissions. An attacker can hijack the %ProgramData%\GOG.com folder structure and change the...
CVE-2022-34902
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 39316 Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within t...