127 matches found
GitLab < 14.2.6 (CVE-2021-39913)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before...
Wondershare UBackit 2.0.5 - 'wsbackup' Unquoted Service Path
Exploit Title: Wondershare UBackit 2.0.5 - 'wsbackup' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2022-02-17 Vendor Homepage: https://www.wondershare.com/ Software Link : https://download.wondershare.com/ubackitfull8767.exe Tested Version: 2.0.5 Vulnerability Type: Unquoted...
CVE-2021-44466
Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw due to improper access controls. When the software is installed with a non-default installation directory off of the system root, the installer fails to properly set ACLs. This allows lower privileged users to replace the VPN...
CVE-2021-39913
Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges...
CVE-2021-39913
Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges...
CVE-2021-39913
Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges...
CVE-2021-39913
Technical details (affected products, versions, root cause, exploits) are not publicly provided in the supplied documents. Monitor for updates from vendors and security feeds to confirm precise impact and remediation for CVE-2021-39913.
CVE-2021-39913
Removed by vendor...
Tencent Classroom Has Janus Android Signature Vulnerability
Tencent Classroom is a professional online education platform launched by Tencent. Tencent Classroom has a Janus Android signature vulnerability, which can be exploited by an attacker to obtain system root privileges...
Tencent Guangdong Mahjong suffers from Janus Android signature vulnerability
Tencent Guangdong Mahjong is Tencent's first Guangdong Mahjong game. Tencent Guangdong Mahjong has a Janus Android signature vulnerability, which can be exploited by attackers to obtain system root privileges...
WeChat Phonebook suffers from Janus Android signature vulnerability
WeChat Phonebook is an intelligent communication enhancement software created by Tencent. WeChat Phonebook suffers from a Janus Android signature vulnerability. Attackers can use the vulnerability to obtain system root privileges...
Winpakpro 4.8 - 'WPCommandFileService' Unquoted Service Path
Exploit Title: Winpakpro 4.8 - 'WPCommandFileService' Unquoted Service Path Discovery by: Alan Mondragon Discovery Date: 2021-03-16 Vendor Homepage: https://www.security.honeywell.com/product-repository/winpak Software Links : https://www.security.honeywell.com/product-repository/winpak WinPackPr...
Binary Vulnerability in Cisco rv130w
Cisco is a leading global provider of networking solutions. A binary vulnerability exists in Cisco rv130w, which could allow an attacker to gain system root privileges by constructing rop under authentication...
CVE-2020-5803
Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root...
Canon Inkjet Extended Survey Program 5.1.0.8 - 'IJPLMSVC.EXE' - Unquoted Service Path
Exploit Title: Canon Inkjet Extended Survey Program 5.1.0.8 - 'IJPLMSVC.EXE' - Unquoted Service Path Discovery by: Carlos Roa Discovery Date: 2020-11-07 Vendor Homepage: https://www.usa.canon.com/internet/portal/us/home Tested Version: 5.1.0.8 Vulnerability Type: Unquoted Service Path Tested on O...
CoDeSys V3 CmpRouter and CmpRouterEmbedded Integer Overflow (CVE-2019-5105)
An integer overflow vulnerability exists in CoDeSys V3 CmpRouter and CmpRouterEmbedded components. The vulnerability is due to improper validation of user-supplied data. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted message to the target server. Successf...
AVAST SecureLine 5.5.522.0 Unquoted Service Path
Exploit Title: AVAST SecureLine 5.5.522.0 - 'SecureLine' Unquoted Service Path Discovery by: Roberto Piña Discovery Date: 2020-03-24 Vendor Homepage:https://www.avast.com/ Software Link :https://www.avast.com/es-mx/download-thank-you.php?product=SLN&locale=es-mx Tested Version: 5.5.522.0...
Deep Instinct Windows Agent 1.2.29.0 - (DeepMgmtService) Unquoted Service Path Vulnerability
Exploit Title: Deep Instinct Windows Agent 1.2.29.0 - 'DeepMgmtService' Unquoted Service Path Discovery by: Oscar Flores Vendor Homepage: https://www.deepinstinct.com/ Software Links :...
CVE-2019-18245
Reliable Controls LicenseManager versions 3.4 and prior may allow an authenticated user to insert malicious code into the system root path, which may allow execution of code with elevated privileges of the application...
CVE-2019-18245
The CVE-2019-18245 entry relates to Reliable Controls LicenseManager, affected in versions 3.4 and prior. The underlying issue is an unquoted search path/element that a logged-in (authenticated) user can exploit to insert malicious code into the system root path, enabling local code execution wit...