Lucene search
K

18 matches found

Zero Day Initiative
Zero Day Initiative
added 2026/04/15 12:0 a.m.9 views

Malwarebytes Anti-Malware Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Anti-Malware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

7.8CVSS6.1AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2022-37419

Malicious code in bioql PyPI...

5.5CVSS5.6AI score0.00372EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/01/20 12:0 a.m.11 views

Adobe Photoshop node_modules Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Adobe Photoshop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the...

7.3CVSS7AI score0.00285EPSS
Exploits0References1
OSV
OSV
added 2023/04/10 4:15 p.m.6 views

CVE-2023-1970

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as problematic, has been found in yuan1994 tpAdmin 1.3.12. This issue affects the function Upload of the file application\admin\controller\Upload.php. The manipulation of the argument file leads to unrestricted upload. The attack may...

7.2CVSS7.1AI score
Exploits0References3
CNNVD
CNNVD
added 2022/10/20 12:0 a.m.4 views

Simple Exam Reviewer Management System 代码问题漏洞

Simple Exam Reviewer Management System is a Simple Exam Reviewer Management System by Carlo Montero Personal Developer. A security vulnerability exists in Simple Exam Reviewer Management System that originates from vulnerability to unsecured file uploads...

7.2CVSS7.1AI score0.00973EPSS
Exploits1References3
OSV
OSV
added 2022/07/18 3:15 p.m.4 views

CVE-2022-34901

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 39316 Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists...

7.8CVSS6.2AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/07/18 3:15 p.m.1 views

CVE-2022-34901

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 39316 Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists...

7.8CVSS6.3AI score0.00322EPSS
Exploits0References3
CNVD
CNVD
added 2021/04/22 12:0 a.m.7 views

Unspecified vulnerability in Aviatrix Controller (CNVD-2021-32028)

Aviatrix Controller is an application from Aviatrix, Inc. Extend and control the native fabric with the cloud provider's APIs to extend its functionality and integrate it into the software. A security vulnerability exists in Aviatrix Controller version 5.3.1516, which stems from the presence of...

7.5CVSS6.8AI score0.01561EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/04/21 12:0 a.m.6 views

Aviatrix Controller 安全漏洞

Aviatrix Controller is an application from Aviatrix, Inc. Extend and control the native fabric with the cloud provider's APIs to extend its functionality and integrate it into the software. A security vulnerability exists in Aviatrix Controller version 5.3.1516, which stems from the presence of...

7.5CVSS5.6AI score0.01561EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/06/07 8:13 p.m.17 views

CVE-2020-13912

SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file...

7.2AI score0.01053EPSS
Exploits0References1
NVD
NVD
added 2019/12/12 7:15 p.m.29 views

CVE-2019-18288

A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. An attacker with valid authentication at the RMI interface could be able to gain remote code execution through an unsecured file upload. Please note that an attacker needs to have access to th...

8.8CVSS9.2AI score0.04007EPSS
Exploits0References2
CVE
CVE
added 2019/12/12 7:8 p.m.63 views

CVE-2019-18288

Summary of CVE-2019-18288 (Siemens SPPA-T3000 Application Server) Affected product: SPPA-T3000 Application Server (all versions prior to Service Pack R8.2 SP2). Vulnerability: Unsecured file upload via the RMI interface allows an authenticated attacker to achieve remote code execution. Access to ...

8.8CVSS8.6AI score0.04007EPSS
Exploits0References2Affected Software1
0day.today
0day.today
added 2019/06/06 12:0 a.m.709 views

Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery Vulnerability

Exploit for jsp platform in category web applications Zimbra |";int c;while c = in.read != -1 out.printcharc;in.close;out.print"|' printbaseurl dtd file url dtdurl="https://k8gege.github.io/zimbra.dtd" """ " !ENTITY % all "!ENTITY fileContents '%start;...

5CVSS7.7AI score0.80906EPSS
Exploits10
Vulnrichment
Vulnrichment
added 2018/07/24 5:0 p.m.6 views

CVE-2018-8855

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP...

7.3AI score0.00827EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2017/10/27 12:0 a.m.88 views

Android Private Internet Access Denial Of Service

Original post here: http://wwws.nightwatchcybersecurity.com/2017/10/25/advisory-pia-android-app-cve-2017-15882/ SUMMARY The Android application provided by Private Internet Access PIA VPN service can be crashed by downloading a large file containing a list of current VPN servers. This can be...

7.6AI score0.01757EPSS
Exploits3
ThreatPost
ThreatPost
added 2017/05/11 11:34 a.m.22 views

Keylogger Found in Audio Drivers on Some HP Machines

An audio driver that comes installed on some HP-manufactured computers records users’ keystrokes and stores them in a world-readable plaintext file, researchers said Thursday. The culprit appears to be version 1.0.0.31 of MicTray64.exe, a program that comes installed with the Conexant audio drive...

2.1CVSS5.3AI score0.00523EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2005/07/07 12:0 a.m.33 views

eRoomVuln.txt

/ $ An open security advisory 9 - eRoom v6. Vulnerabilities 1: Bug Researcher: c0ntex - c0ntexbatgmail.com 2: Bug Released: July 06 2005 3: Bug Impact Rate: Medium / Hi 4: Bug Scope Rate: Remote $ This advisory and/or proof of concept code must not be used for commercial gain. Documentum eRoom...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 1999/08/17 12:0 a.m.21 views

netscape.directory.server.4.txt

Date: Mon, 03 May 1999 08:45:25 -0400 From: "Bobby, Paul" To: "'[email protected]'" Subject: bug/Netscape-DirectoryServer4 After installing Netscape's Directory Server 4 for Solaris, one of the final options is to remove a file called 'install.inf' which the install process claims coul...

7.4AI score
Exploits0
Rows per page
Query Builder