EFACEC UC 500 Security Vulnerability
EFACEC UC 500 is a solution from EFACEC Portugal that provides an integrated and flexible communication gateway, automation platform and HMI solution for utility and industrial applications. A security vulnerability exists in the EFACEC UC 500 that originates from the fact that a user without...
The vulnerability of the Dell Command | Update, Dell Update, and Alienware Update software relates to an insecure operation at the mount point in the Windows operating system. This allows an attacker to delete arbitrary files.
The vulnerability of the Dell Command | Update, Dell Update, and Alienware Update programs is related to an unsafe operation at the mount point in the Windows operating system. Exploiting this vulnerability could allow an attacker to delete arbitrary files...
Path Traversal
golang is vulnerable to Path Traversal. The vulnerability is due to a lack of file path validation in pathwindows.go. This can allow an attacker to access arbitrary locations on a Windows system...
CVE-2023-4528: Java Deserialization Vulnerability in JSCAPE MFT (Fixed)
In August 2023, Rapid7 discovered a Java deserialization vulnerability in Redwood Software’s JSCAPE MFT secure managed file transfer product. The vulnerability was later assigned CVE-2023-4528. It can be exploited by sending an XML-encoded Java object to the Manager Service port, which, by defaul...
The vulnerability of the Windows System Assessment Tool, a service for assessing system performance, allows attackers to escalate their privileges.
The vulnerability of the Windows System Assessment Tool in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to escalate their privileges...
PT-2023-5330 · Hewlett Packard +1 · HPE Aruba Networking Virtual Intranet Access (VIA) Client +1
Name of the Vulnerable Software and Affected Versions: HPE Aruba Networking Virtual Intranet Access VIA client (affected versions not specified). Description: A vulnerability in the HPE Aruba Networking Virtual Intranet Access VIA client could allow malicious users to overwrite arbitrary files as NT...
CVE-2023-36903
Windows System Assessment Tool Elevation of Privilege Vulnerability...
CVE-2023-36900
Windows Common Log File System Driver Elevation of Privilege Vulnerability...
Privilege escalation
Windows System Assessment Tool Elevation of Privilege Vulnerability...
CVE-2023-36903 Windows System Assessment Tool Elevation of Privilege Vulnerability
...
Microsoft Windows System Assessment Tool security vulnerability
Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation. A security vulnerability exists in the Microsoft Windows System Assessment Tool. An attacker could exploit this vulnerability to gain elevated privileges. The following product...
CVE-2023-35340
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability...
PT-2023-3817 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is related to insufficient input validation in the HTTP.sys driver of the Windows operating system. This can be exploited by a remote attacker to cause a denial of service...
CVE-2023-27558
IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected...
CVE-2022-4149 Local privilege escalation using log file
The Netskope client service prior to R96 on Windows runs as NT AUTHORITY\SYSTEM which writes log files to a writable directory C:\Users\Public\netSkope for a standard user. The files are created and written with a SYSTEM account except one file logplaceholder which inherits permission giving all...
Open Citrix ICA file Failed with No Response
Suddenly, all the ICA files downloaded from the web can't be opened. The user double-clicked them, but the Windows system didn't respond by opening the CWA connection manager...
The vulnerability of antivirus protection tools such as Avast Antivirus, AVG Antivirus, and Avira Security for Windows operating systems allows a hacker to trigger a service failure.
The vulnerability of antivirus protection tools such as Avast Antivirus, AVG Antivirus, and Avira Security for Windows operating systems is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow attackers to cause service interruptions...
CVE-2022-48483
3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an...
CVE-2022-38730
Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in...