832 matches found
Path traversal
Flarum is a forum software package for building communities. In versions prior to 1.7.0, an attacker who has already compromised an admin account may exploit a vulnerability in the LESS parser to read sensitive files on the server through path traversal...
Vulnerabilities fixed in Solarwinds Platform
Solarwinds has fixed vulnerabilities in the Network Performance Monitoring tools of Solarwinds Platform. A malicious person with prior authentication can exploit the vulnerabilities to execute arbitrary code at the system level of the vulnerable system. Solarwinds has released updates to address...
K14138: XML External Entity Injection (XXE) from authenticated source vulnerability CVE-2012-2997
Security Advisory Description: An XML External Entity Injection (XXE) vulnerability exists in a BIG-IP component. This vulnerability may allow a user who is logged in to the BIG-IP Configuration utility to download arbitrary files from the file system. Impact: An attacker may be able to exploit the...
CVE-2023-24485
Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app...
PT-2023-5480 · LG · LG Simple Editor
Name of the Vulnerable Software and Affected Versions: LG Simple Editor (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. The specific flaw exists within the implementation of the...
Elastic Endpoint Security Security Vulnerability
Elastic Endpoint Security is an endpoint security solution from Elastic. A security vulnerability exists in Elastic Endpoint Security that stems from a faulty rollback feature that could allow an unprivileged user to elevate their privileges to the privileges of a system account...
The vulnerability of the Windows Backup Service allows attackers to elevate their privileges to the SYSTEM level.
The vulnerability of the Windows Backup Service in operating systems relates to errors in privilege management. Exploiting this vulnerability can allow an attacker to elevate their privileges to the SYSTEM level...
CVE-2022-43535
A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with NT AUTHORITY\SYSTEM level privileges on the Windows instance in Aruba ClearPass...
Backdoor.Win32.RemServ.d MVID-2022-0655 Remote Command Execution
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022. Original source: https://malvuln.com/advisory/05a082d441d9cf365749c0e1eb904c85.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.RemServ.d Vulnerability: Unauthenticated Remote Command Execution Family:...
PT-2022-5515 · Microsoft · Windows System Monitor
Name of the Vulnerable Software and Affected Versions: Microsoft Windows System Monitor (Sysmon) (affected versions not specified). Description: The issue is related to insufficient access control in the Microsoft Windows System Monitor (Sysmon) service, which can allow an attacker to elevate their...
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges...
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges...
CVE-2022-32592
In cpu dvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07139405; Issue ID: ALPS07139405...
Crestron AirMedia Security Vulnerability
Crestron AirMedia is Crestron's unlimited sharing platform for laptops, PCs, smartphones or tablets. A security vulnerability exists in Crestron AirMedia for Windows prior to version 5.5.1.84, which stems from insecure inherited privileges, and can be exploited by an attacker to initiate a system...
CVE-2022-34102
Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt...
CVE-2022-34100
A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file...
Design/Logic Flaw
A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file...
PT-2022-22150 · Dell · Dell Command | Integration Suite For System Center
Name of the Vulnerable Software and Affected Versions: Dell Command | Integration Suite for System Center versions prior to 6.2.0. Description: The issue allows a locally authenticated malicious user to potentially perform an arbitrary file write as system, due to an arbitrary file write...
CVE-2022-35873
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 b2022030114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...