26 matches found

Vulnrichment
added 2026/02/15 12:2 p.m. | 2 views

CVE-2026-2516 Unidocs ezPDF DRM Reader/ezPDF Reader SHFOLDER.dll uncontrolled search path

A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Attacks of this nature are highly complex. It is...

CVSS 7.3 | AI score 6.6 | EPSS 0.00016
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-28451

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00032
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 1:20 a.m. | 8 views

CVE-2022-3859

An uncontrolled search path vulnerability exists in Trellix Agent TA for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL ther...

CVSS 6.7 | AI score 6.7 | EPSS 0.00124
Exploits: 0 | References: 1

Malwarebytes
added 2023/08/03 3:0 p.m. | 18 views

FAQ: How does Malwarebytes ransomware rollback work?

As the old cybersecurity saying goes: "It's not if, but when." Everyone and their grandma have repeated this foreboding maxim about the nature of ransomware attacks, but sadly, that doesn't make it any less true. Time and again we're reminded that ransomware can slip past even the best defenses...

AI score 6.7
Exploits: 0

OSV
added 2022/11/30 9:15 a.m. | 0 views

CVE-2022-3859

An uncontrolled search path vulnerability exists in Trellix Agent TA for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL ther...

CVSS 6.7 | AI score 5.8 | EPSS 0.00124
Exploits: 0 | References: 1

Vulnrichment
added 2022/11/30 8:29 a.m. | 8 views

CVE-2022-3859

An uncontrolled search path vulnerability exists in Trellix Agent TA for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL ther...

CVSS 6.7 | AI score 7 | EPSS 0.00124
Exploits: 0 | References: 1

Cvelist
added 2022/11/30 8:29 a.m. | 18 views

CVE-2022-3859

An uncontrolled search path vulnerability exists in Trellix Agent TA for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL ther...

CVSS 6.7 | AI score 6.6 | EPSS 0.00124
Exploits: 0 | References: 1

CNNVD
added 2022/11/30 12:0 a.m. | 2 views

Trellix Agent Code Issue Vulnerability

Trellix Agent is a client component of FireEye USA Trellix, Inc. that provides secure communication between McAfee ePolicy Orchestrator (McAfee ePO) and hosted products. A security vulnerability exists in Trellix Agent TA for Windows versions prior to 5.7.8. An attacker could exploit the vulnerability t...

CVSS 6.7 | AI score 6.6 | EPSS 0.00124
Exploits: 0 | References: 2

Positive Technologies
added 2022/11/30 12:0 a.m. | 2 views

PT-2022-24471 · Trellix · Trellix Agent

Name of the Vulnerable Software and Affected Versions: Trellix Agent TA for Windows versions prior to 5.7.8 Description: An uncontrolled search path vulnerability exists in Trellix Agent TA for Windows. This allows an attacker with admin access to elevate their privileges to System by placing a...

CVSS 6.7 | AI score 6.4 | EPSS 0.00124
Exploits: 0 | References: 5

OSV
added 2021/08/18 6:15 p.m. | 19 views

CVE-2021-37617

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its uninstaller script when being installed to make sure there are no remnants of previous installations. In versions 3.0.3 through 3.2.4, the Client searches th...

CVSS 7.3 | AI score 6.5
Exploits: 0 | References: 3

NVD
added 2021/08/18 6:15 p.m. | 15 views

CVE-2021-37617

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its uninstaller script when being installed to make sure there are no remnants of previous installations. In versions 3.0.3 through 3.2.4, the Client searches th...

CVSS 7.3 | EPSS 0.00394
Exploits: 0 | References: 3

Prion
added 2021/08/18 6:15 p.m. | 17 views

Design/Logic Flaw

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its uninstaller script when being installed to make sure there are no remnants of previous installations. In versions 3.0.3 through 3.2.4, the Client searches th...

CVSS 4.4 | AI score 6.8 | EPSS 0.00394
Exploits: 0 | References: 3 | Affected Software: 1

Nextcloud
added 2021/08/18 2:45 p.m. | 32 views

Untrusted Search Path in Nextcloud Desktop Client

None...

CVSS 7.3 | AI score 7.3 | EPSS 0.00394
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2020/09/14 12:0 a.m. | 1 views

McAfee MVISION Endpoint Access Control Error Vulnerability

McAfee MVISION Endpoint is a set of endpoint security protection software from the U.S. company McAfee. The software provides enhanced threat detection and correction for Windows systems. An access control error vulnerability exists in McAfee MVISION Endpoint for Windows before version 20.9. The...

CVSS 7.8 | AI score 6.7 | EPSS 0.00047
Exploits: 0 | References: 1

OSV
added 2020/09/09 10:15 a.m. | 0 views

CVE-2020-7324

Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied permissions...

CVSS 6.1 | AI score 6.4
Exploits: 0 | References: 1

Cvelist
added 2020/09/09 9:40 a.m. | 13 views

CVE-2020-7324 Improper Access Control vulnerability in MVISION Endpoint

Improper Access Control vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to bypass security mechanisms and deny access to the SYSTEM folder via incorrectly applied permissions...

CVSS 6.1 | AI score 6.2 | EPSS 0.00032
Exploits: 0 | References: 1

CVE
added 2020/02/04 7:8 p.m. | 162 views

CVE-2019-15624

CVE-2019-15624: Nextcloud Server 15.0.7 is affected by improper input validation that allows group admins to create users with IDs of system folders. The issue is confirmed in CVE-2019-15624 and is addressed in security advisories accompanying Nextcloud updates to 15.0.14 (NC-SA-2020-015/openSUSE...

CVSS 4.9 | AI score 5.7 | EPSS 0.00299
Exploits: 1 | References: 4 | Affected Software: 1

ThreatPost
added 2018/12/10 5:0 p.m. | 14 views

Old-School Bagle Worm Still Ready for Modern Spam Campaigns

The long-running Bagle worm, affecting Microsoft Windows machines, is still out there, a throwback to an earlier time. Also referred to as Beagle, Bagle contains a backdoor that listens on TCP port 6777 which is hardcoded in the worm’s body. This backdoor component provides remote access to the...

AI score 1.1
Exploits: 0 | References: 1

Prion
added 2018/06/05 9:29 p.m. | 10 views

Information disclosure

An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. When the drivers are updated to a newer version, the product launches a process as SYSTEM to uninstall the old version: cl1956.exe is run as SYSTEM on the %systemroot%\Temp folder, where any user can write a DLL...

CVSS 9.3 | AI score 7.6 | EPSS 0.00141
Exploits: 0 | References: 1 | Affected Software: 1

Hacker One
added 2018/04/11 9:30 a.m. | 58 views

ExpressionEngine: RCE By import channel field

The reporter determined that a malicious Channel Set could be used to allow an administrator to upload a PHP file that they might otherwise not have permission to upload. Combined with the temporary folder name algorithm being available in the source code, the malicious administrator could...

AI score 1.8
Exploits: 0