Lucene search

832 matches found

OSV
added 2023/08/03 11:15 p.m. · 6 views

CVE-2023-38951

ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 20240617.19506 allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse a path traversal issue in the Username field and a lack of input sanitization on the SSH...

9.8 CVSS · 6.3 AI score · 0.03197 EPSS
Exploits 2 · References 7

OSV
added 2023/07/04 2:15 a.m. · 3 views

CVE-2023-20771

In display, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07671046; Issue ID: ALPS07671046...

6.4 CVSS · 5.9 AI score · 0.00075 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/06/07 12:0 a.m. · 5 views

PT-2023-4723 · Papercut · Papercut Ng

Name of the Vulnerable Software and Affected Versions: PaperCut NG affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this issue. The specific flaw exists within...

8.5 CVSS · 7.6 AI score · 0.5809 EPSS
Exploits 0 · References 9

OSV
added 2023/05/31 12:15 a.m. · 7 views

CVE-2023-28353

An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to...

8.8 CVSS · 7.4 AI score · 0.01362 EPSS
Exploits 1 · References 2

ATTACKERKB
added 2023/05/31 12:15 a.m. · 3 views

CVE-2023-28347

An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a proof-of-concept script that functions similarly to a Student Console, providing unauthenticated attackers with the ability to exploit XSS vulnerabilities within the Teacher Console...

9.6 CVSS · 7.8 AI score · 0.02773 EPSS
Exploits 1 · References 3

Prion
added 2023/05/19 1:15 p.m. · 24 views

Command injection

A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions = 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an...

4 CVSS · 6.7 AI score · 0.01756 EPSS
Exploits 2 · References 1 · Affected Software 1

OSV
added 2023/05/09 7:58 p.m. · 22 views

GHSA-93XX-CVMC-9W3V On a compromised node, the fluid-csi service account can be used to modify node specs

Impact If a malicious user gains control of a Kubernetes node running fluid csi pod controlled by the csi-nodeplugin-fluid node-daemonset, he/she can leverage the fluid-csi service account to modify specs of all the nodes in the cluster. However, since this service account lacks "list node"...

4 CVSS · 6.4 AI score · 0.00236 EPSS
Exploits 0 · References 6

NVD
added 2023/05/08 6:15 p.m. · 34 views

CVE-2023-30840

Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod controlled by the csi-nodeplugin-fluid...

7.8 CVSS · 6.4 AI score · 0.00236 EPSS
Exploits 0 · References 4

NVD
added 2023/04/28 7:15 p.m. · 19 views

CVE-2023-1966

Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or...

9.8 CVSS · 8.9 AI score · 0.00916 EPSS
Exploits 0 · References 2

Prion
added 2023/04/28 7:15 p.m. · 31 views

Code injection

Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or...

7.5 CVSS · 9.6 AI score · 0.00916 EPSS
Exploits 0 · References 2 · Affected Software 10

Cvelist
added 2023/04/28 6:6 p.m. · 21 views

CVE-2023-1966

Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or...

7.4 CVSS · 9.8 AI score · 0.00916 EPSS
Exploits 0 · References 2

Packet Storm
added 2023/04/26 12:0 a.m. · 365 views

Arcsoft PhotoStudio 6.0.0.172 Unquoted Service Path

Exploit Title: Arcsoft PhotoStudio 6.0.0.172 - Unquoted Service Path Date: 2023/04/22 Exploit Author: msd0pe Vendor Homepage: https://www.arcsoft.com/ My Github: https://github.com/msd0pe-1 Arcsoft PhotoStudio: Versions = wmic service get name,pathname,displayname,startmode | findstr /i auto |...

6.8 AI score
Exploits 0

Packet Storm
added 2023/04/26 12:0 a.m. · 396 views

Wondershare Filmora 12.2.9.2233 Unquoted Service Path

Exploit Title: Wondershare Filmora 12.2.9.2233 - Unquoted Service Path Date: 2023/04/23 Exploit Author: msd0pe Vendor Homepage: https://www.wondershare.com My Github: https://github.com/msd0pe-1 Wondershare Filmora: Versions = wmic service get name,pathname,displayname,startmode | findstr /i auto...

6.8 AI score
Exploits 0

Exploit DB
added 2023/04/25 12:0 a.m. · 473 views

Wondershare Filmora 12.2.9.2233 - Unquoted Service Path

Exploit Title: Wondershare Filmora 12.2.9.2233 - Unquoted Service Path Date: 2023/04/23 Exploit Author: msd0pe Vendor Homepage: https://www.wondershare.com My Github: https://github.com/msd0pe-1 Wondershare Filmora: Versions = wmic service get name,pathname,displayname,startmode | findstr /i auto...

7.4 AI score
Exploits 0

Exploit DB
added 2023/04/25 12:0 a.m. · 303 views

OCS Inventory NG 2.3.0.0 - Unquoted Service Path

Exploit Title: OCS Inventory NG 2.3.0.0 - Unquoted Service Path Date: 2023/04/21 Exploit Author: msd0pe Vendor Homepage: https://oscinventory-ng.org Software Link: https://github.com/OCSInventory-NG/WindowsAgent My Github: https://github.com/msd0pe-1 Fixed in version 2.3.1.0 OCS Inventory NG...

7.4 AI score
Exploits 0

0day.today
added 2023/04/25 12:0 a.m. · 305 views

OCS Inventory NG 2.3.0.0 - Unquoted Service Path Vulnerability

Exploit Title: OCS Inventory NG 2.3.0.0 - Unquoted Service Path Exploit Author: msd0pe Vendor Homepage: https://oscinventory-ng.org Software Link: https://github.com/OCSInventory-NG/WindowsAgent My Github: https://github.com/msd0pe-1 Fixed in version 2.3.1.0 OCS Inventory NG Windows Agent: Versio...

6.8 AI score
Exploits 0

0day.today
added 2023/04/25 12:0 a.m. · 263 views

Arcsoft PhotoStudio 6.0.0.172 - Unquoted Service Path Vulnerability

Exploit Title: Arcsoft PhotoStudio 6.0.0.172 - Unquoted Service Path Date: 2023/04/22 Exploit Author: msd0pe Vendor Homepage: https://www.arcsoft.com/ My Github: https://github.com/msd0pe-1 Arcsoft PhotoStudio: Versions = wmic service get name,pathname,displayname,startmode | findstr /i auto |...

7.4 AI score
Exploits 0

Cvelist
added 2023/04/18 3:51 p.m. · 17 views

CVE-2023-28142 Race Condition

A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to escalate privileges limited on the local machine during uninstallation of the Qualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on...

6.7 CVSS · 7.2 AI score · 0.00131 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2023/04/10 12:0 a.m. · 5 views

The vulnerability of the client installer for conducting real-time audio and video conferences. Zoom Client for IT Admins allows a perpetrator to elevate their privileges to the level of SYSTEM.

The vulnerability of the client installer for conducting real-time audio and video conferences in Zoom Client for IT Admins is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow attackers to elevate their privileges to the SYSTEM level...

7.2 CVSS · 7.2 AI score · 0.00185 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2023/04/06 6:15 p.m. · 2 views

CVE-2023-20666

In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310651; Issue ID: ALPS07292173...

6.7 CVSS · 6.7 AI score · 0.00095 EPSS
Exploits 0 · References 1