CVE-2018-25272 ELBA5 5.8.0 Remote Code Execution via Database Access
ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands v...
PT-2026-34468
ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands v...
CVE-2023-53946
Affected software: Arcsoft PhotoStudio 6.0.0.172. Vulnerability: unquoted service path in the ArcSoft Exchange Service that can be exploited by local attackers to escalate privileges by placing a malicious executable in the unquoted path, triggering code execution with system-level permissions. I...
CVE-2025-62630
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions...
CVE-2025-62630 Advantech DeviceOn/iEdge Path Traversal
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions...
CVE-2025-62630
Summary (CVE-2025-62630 – Advantech DeviceOn/iEdge): A path traversal vulnerability exists due to insufficient sanitization in the DeviceOn/iEdge dashboard label/path, enabling an unauthenticated attacker to upload a crafted configuration file, traverse directories, and trigger remote code execu...
PT-2025-45390
Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: Insufficient sanitization allows an attacker to upload a specially crafted configuration file, leading to directory traversal and remote code execution with system-level permissions. Recommendations: ...
EUVD-2025-21764
Malicious code in bioql PyPI...
CVE-2025-5345
Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider "com.bluebird.system.koreanpost.IsdcardRemoteService". A local attacker can bind to the AIDL-type service to copy and delete arbitrary files from device's storage with system-lev...
CVE-2025-5345 Exposed AIDL service allowing to read and delete files with system-level privileges in Bluebird filemanager application
Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider "com.bluebird.system.koreanpost.IsdcardRemoteService". A local attacker can bind to the AIDL-type service to copy and delete arbitrary files from device's storage with system-lev...
CVE-2021-1079
NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the...
SUSE SLES15 / openSUSE 15 Security Update : azure-cli (SUSE-SU-2025:0751-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0751-1 advisory. - CVE-2024-43591: improper neutralization of special elements could allow users to run Azure CLI commands that result in certa...
CVE-2024-29737
In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and...
GHSA-5V69-92VW-FMJH Apache StreamPark: maven build params could trigger remote command execution
In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and...
CVE-2023-52291
In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and...
CVE-2024-29737
CVE-2024-29737 concerns a command-injection flaw in Apache StreamPark (Project module). The vulnerability arises from lax validation of build parameters in the Maven integration, allowing an authenticated user with system-level permissions to inject commands via the Build Argument (demonstrated b...
CVE-2024-29737 Apache StreamPark (incubating): maven build params could trigger remote command execution
In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and...