EUVD-2012-6578

Malware in sbrugna...

EUVD-2020-29875

Malware in sbrugna...

CVE-2012-10030

FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty credentials, defaults user access to the root of the C:\ drive, and imposes no restrictions on file type or...

CVE-2012-10030

The CVE-2012-10030 entry describes a vulnerability in FreeFloat FTP Server where unauthenticated attackers can upload arbitrary files to sensitive system directories (e.g., C:\ root, system32, wbem\mof). The underlying issue is design flaws that allow unrestricted file uploads and destination pat...

CVE-2025-0664

A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrary local library. This may impair endpoint defenses and allow the attacker to achieve code execution with SYSTEM-level privileges...

CVE-2025-0664

CVE-2025-0664 affects Trellix Endpoint Security HX Agent. A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially causing the agent to load an arbitrary local library and execute code with SYSTEM privileges. Evidence from multiple sources confirms th...

CVE-2025-5345 Exposed AIDL service allowing to read and delete files with system-level privileges in Bluebird filemanager application

Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider "com.bluebird.system.koreanpost.IsdcardRemoteService". A local attacker can bind to the AIDL-type service to copy and delete arbitrary files from device's storage with system-lev...

PT-2025-29461 · One Identity · One Identity Password Manager

Name of the Vulnerable Software and Affected Versions: One Identity Password Manager versions prior to 5.14.4 Description: The Secure Password extension in One Identity Password Manager contains a flaw in its security hardening mechanism within the kiosk browser used for the Password Self-Service...

CVE-2025-49144

Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social...

CVE-2025-49144

Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social...

About Elevation of Privilege – Microsoft DWM Core Library (CVE-2025-30400) vulnerability

About Elevation of Privilege - Microsoft DWM Core Library CVE-2025-30400 vulnerability. The vulnerability, patched as part of May Microsoft Patch Tuesday, affects the Desktop Window Manager component. This is a compositing window manager that has been part of Windows since Windows Vista. Successf...

CVE-2024-13917

An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.pri.applock.LockUI“ activity allows any other malicious application, with no granted Android system...

CVE-2024-13917 Intent Injection in Kruger&Matz AppLock application

An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.pri.applock.LockUI“ activity allows any other malicious application, with no granted Android system...

CVE-2023-20229

A vulnerability in the CryptoService function of Cisco Duo Device Health Application for Windows could allow an authenticated, local attacker with low privileges to conduct directory traversal attacks and overwrite arbitrary files on an affected system. This vulnerability is due to insufficient...

CVE-2024-13759 Local Privilege Escalation in Avira Prime 1.1.96.2 on Windows 10 x64

Local Privilege Escalation in Avira.Spotlight.Service.exe in Avira Prime 1.1.96.2 on Windows 10 x64 allows local attackers to gain system-level privileges via arbitrary file deletion...

CVE-2024-52869

Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is an operating system move from SUSE Enterprise Linux Server SLES 12 Service Pack SP 2 or 3 to SLES 15 SP2 on Teradata Database systems, some...

Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges

Cisco Talos Vulnerability Research team has helped to disclose and patch more than 20 vulnerabilities over the past three weeks, including two in the popular Adobe Acrobat Reader software. Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read...

Only one critical vulnerability included in May’s Microsoft Patch Tuesday; One other zero-day in DWN Core

After a relatively hefty Microsoft Patch Tuesday in April, this months security update from the company only included one critical vulnerability across its massive suite of products and services. In all, Mays slate of vulnerabilities disclosed by Microsoft included 59 total CVEs, most of which ar...

Cisco Duo Device Health Application for Windows Arbitrary File Write Vulnerability

A vulnerability in the CryptoService function of Cisco Duo Device Health Application for Windows could allow an authenticated, local attacker with low privileges to conduct directory traversal attacks and overwrite arbitrary files on an affected system. This vulnerability is due to insufficient...

Microsoft Windows Print Spooler Privilege Escalation Vulnerability

Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges...