18 matches found
Malwarebytes Anti-Malware Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Anti-Malware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
EUVD-2022-37419
Malicious code in bioql PyPI...
Adobe Photoshop node_modules Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Adobe Photoshop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the...
CVE-2023-1970
UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as problematic, has been found in yuan1994 tpAdmin 1.3.12. This issue affects the function Upload of the file application\admin\controller\Upload.php. The manipulation of the argument file leads to unrestricted upload. The attack may...
Simple Exam Reviewer Management System 代码问题漏洞
Simple Exam Reviewer Management System is a Simple Exam Reviewer Management System by Carlo Montero Personal Developer. A security vulnerability exists in Simple Exam Reviewer Management System that originates from vulnerability to unsecured file uploads...
CVE-2022-34901
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 39316 Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists...
CVE-2022-34901
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 39316 Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists...
Unspecified vulnerability in Aviatrix Controller (CNVD-2021-32028)
Aviatrix Controller is an application from Aviatrix, Inc. Extend and control the native fabric with the cloud provider's APIs to extend its functionality and integrate it into the software. A security vulnerability exists in Aviatrix Controller version 5.3.1516, which stems from the presence of...
Aviatrix Controller 安全漏洞
Aviatrix Controller is an application from Aviatrix, Inc. Extend and control the native fabric with the cloud provider's APIs to extend its functionality and integrate it into the software. A security vulnerability exists in Aviatrix Controller version 5.3.1516, which stems from the presence of...
CVE-2020-13912
SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file...
CVE-2019-18288
A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. An attacker with valid authentication at the RMI interface could be able to gain remote code execution through an unsecured file upload. Please note that an attacker needs to have access to th...
CVE-2019-18288
Summary of CVE-2019-18288 (Siemens SPPA-T3000 Application Server) Affected product: SPPA-T3000 Application Server (all versions prior to Service Pack R8.2 SP2). Vulnerability: Unsecured file upload via the RMI interface allows an authenticated attacker to achieve remote code execution. Access to ...
Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery Vulnerability
Exploit for jsp platform in category web applications Zimbra |";int c;while c = in.read != -1 out.printcharc;in.close;out.print"|' printbaseurl dtd file url dtdurl="https://k8gege.github.io/zimbra.dtd" """ " !ENTITY % all "!ENTITY fileContents '%start;...
CVE-2018-8855
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP...
Android Private Internet Access Denial Of Service
Original post here: http://wwws.nightwatchcybersecurity.com/2017/10/25/advisory-pia-android-app-cve-2017-15882/ SUMMARY The Android application provided by Private Internet Access PIA VPN service can be crashed by downloading a large file containing a list of current VPN servers. This can be...
Keylogger Found in Audio Drivers on Some HP Machines
An audio driver that comes installed on some HP-manufactured computers records users’ keystrokes and stores them in a world-readable plaintext file, researchers said Thursday. The culprit appears to be version 1.0.0.31 of MicTray64.exe, a program that comes installed with the Conexant audio drive...
eRoomVuln.txt
/ $ An open security advisory 9 - eRoom v6. Vulnerabilities 1: Bug Researcher: c0ntex - c0ntexbatgmail.com 2: Bug Released: July 06 2005 3: Bug Impact Rate: Medium / Hi 4: Bug Scope Rate: Remote $ This advisory and/or proof of concept code must not be used for commercial gain. Documentum eRoom...
netscape.directory.server.4.txt
Date: Mon, 03 May 1999 08:45:25 -0400 From: "Bobby, Paul" To: "'[email protected]'" Subject: bug/Netscape-DirectoryServer4 After installing Netscape's Directory Server 4 for Solaris, one of the final options is to remove a file called 'install.inf' which the install process claims coul...