Lucene search

832 matches found

Prion
added 2023/03/10 9:15 p.m. · 16 views

Path traversal

flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the LESS parser which can be exploited to read sensitive files on the server through the use of path traversal...

CVSS 3.3 · AI score 5 · EPSS 0.00851
Exploits 0 · References 2 · Affected Software 1

NCSC
added 2023/02/27 12:0 a.m. · 21 views

Vulnerabilities fixed in Solarwinds Platform

Solarwinds has fixed vulnerabilities in the Network Performance Monitoring tools of Solarwinds Platform. A malicious person with prior authentication can exploit the vulnerabilities to execute arbitrary code at the system level of the vulnerable system. Solarwinds has released updates to address...

CVSS 7.8 · AI score 7.8 · EPSS 0.84803
Exploits 0

F5 Networks
added 2023/02/21 7:34 p.m. · 34 views

K14138: XML External Entity Injection (XXE) from authenticated source vulnerability CVE-2012-2997

Security Advisory Description An XML External Entity Injection XXE vulnerability exists in a BIG-IP component. This vulnerability may allow a user who is logged in to the BIG-IP Configuration utility to download arbitrary files from the file system. Impact An attacker may be able to exploit the...

AI score 7.2
Exploits 0

OSV
added 2023/02/16 6:15 p.m. · 4 views

CVE-2023-24485

Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app...

CVSS 7.8 · AI score 7.2 · EPSS 0.00219
Exploits 0 · References 1

Positive Technologies
added 2023/02/13 12:0 a.m. · 6 views

PT-2023-5480 · Lg · Lg Simple Editor

Name of the Vulnerable Software and Affected Versions: LG Simple Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. The specific flaw exists within the implementation of the...

CVSS 10 · AI score 7.5 · EPSS 0.02388
Exploits 0 · References 6

CNNVD
added 2023/01/26 12:0 a.m. · 3 views

Elastic Endpoint Security security vulnerability

Elastic Endpoint Security is an endpoint security solution from Elastic. A security vulnerability exists in Elastic Endpoint Security that stems from a faulty rollback feature that could allow an unprivileged user to elevate their privileges to the privileges of a system account...

CVSS 7.8 · AI score 7.3 · EPSS 0.00283
Exploits 0 · References 3

BDU FSTEC
added 2023/01/12 12:0 a.m. · 5 views

The vulnerability of the Windows Backup Service allows attackers to elevate their privileges to the SYSTEM level.

The vulnerability of the Windows Backup Service in operating systems relates to errors in privilege management. Exploiting this vulnerability can allow an attacker to elevate their privileges to the SYSTEM level...

CVSS 7.1 · AI score 7.2 · EPSS 0.05327
Exploits 2 · References 4

OSV
added 2023/01/05 7:15 a.m. · 5 views

CVE-2022-43535

A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with NT AUTHORITY\SYSTEM level privileges on the Windows instance in Aruba ClearPass...

CVSS 7.8 · AI score 6.1 · EPSS 0.0018
Exploits 0 · References 1

Packet Storm
added 2022/11/14 12:0 a.m. · 328 views

Backdoor.Win32.RemServ.d MVID-2022-0655 Remote Command Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/05a082d441d9cf365749c0e1eb904c85.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.RemServ.d Vulnerability: Unauthenticated Remote Command Execution Family:...

AI score 0.1
Exploits 0

Positive Technologies
added 2022/11/08 12:0 a.m. · 6 views

PT-2022-5515 · Microsoft · Windows System Monitor

Name of the Vulnerable Software and Affected Versions: Microsoft Windows System Monitor Sysmon affected versions not specified Description: The issue is related to insufficient access control in the Microsoft Windows System Monitor Sysmon service, which can allow an attacker to elevate their...

CVSS 7.8 · AI score 8.1 · EPSS 0.01082
Exploits 0 · References 11

CISA KEV Catalog
added 2022/11/08 12:0 a.m. · 49 views

Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability

Microsoft Windows Cryptographic Next Generation CNG Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges...

CVSS 7.8 · AI score 8 · EPSS 0.03021
In wild · Exploits 0

CISA KEV Catalog
added 2022/11/08 12:0 a.m. · 87 views

Microsoft Windows Print Spooler Privilege Escalation Vulnerability

Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges...

CVSS 7.8 · AI score 8 · EPSS 0.02389
In wild · Exploits 0

OSV
added 2022/10/07 8:15 p.m. · 3 views

CVE-2022-32592

In cpu dvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07139405; Issue ID: ALPS07139405...

CVSS 6.7 · AI score 5.9 · EPSS 0.00125
Exploits 0 · References 1

CNNVD
added 2022/09/22 12:0 a.m. · 4 views

Crestron AirMedia security vulnerability

Crestron AirMedia is Crestron's unlimited sharing platform for laptops, PCs, smartphones or tablets. A security vulnerability exists in Crestron AirMedia for Windows prior to version 5.5.1.84, which stems from insecure inherited privileges, and can be exploited by an attacker to initiate a system...

CVSS 8.8 · AI score 7.8 · EPSS 0.00571
Exploits 0 · References 4

OSV
added 2022/09/13 10:15 p.m. · 6 views

CVE-2022-34102

Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 2

NVD
added 2022/09/13 7:15 p.m. · 29 views

CVE-2022-34100

A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file...

CVSS 8.8 · EPSS 0.01049
Exploits 0 · References 2

Prion
added 2022/09/13 7:15 p.m. · 19 views

Design/Logic Flaw

A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file...

CVSS 6.5 · AI score 8.7 · EPSS 0.01049
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2022/09/13 6:11 p.m. · 35 views

CVE-2022-34100

A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file...

AI score 9 · EPSS 0.01049
Exploits 0 · References 2

Positive Technologies
added 2022/08/31 12:0 a.m. · 5 views

PT-2022-22150 · Dell · Dell Command | Integration Suite For System Center

Name of the Vulnerable Software and Affected Versions: Dell Command | Integration Suite for System Center versions prior to 6.2.0 Description: The issue allows a locally authenticated malicious user to potentially perform an arbitrary file write as system, due to an arbitrary file write...

CVSS 7.8 · AI score 7.7 · EPSS 0.00216
Exploits 0 · References 2

OSV
added 2022/07/25 7:15 p.m. · 6 views

CVE-2022-35873

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 b2022030114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

CVSS 7.8 · AI score 7.5 · EPSS 0.00662
Exploits 0 · References 2