
540 matches found

OSV
added 2023/04/19 7:15 p.m., 2 views

CVE-2023-1586

Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. The issue was fixed with Avast and AVG Antivirus version 22.11...

CVSS 4.7, AI score 5.9, EPSS 0.0021
Exploits: 0, References: 1

BDU FSTEC
added 2023/04/11 12:0 a.m., 5 views

The vulnerability of the NPAPI plugin of the Firefox browser on Windows operating systems, which allows a hacker to circumvent security restrictions

The vulnerability of the NPAPI plugin of the Firefox browser on Windows operating systems is related to errors in security settings when creating a new account. Exploiting this vulnerability can allow a remote attacker to circumvent security restrictions...

CVSS 7.8, AI score 7.3, EPSS 0.01344
Exploits: 0, References: 6, Affected Software: 1

Packet Storm
added 2023/03/30 12:0 a.m., 253 views

Virtual Reception 1.0 Directory Traversal

Exploit Title: Virtual Reception v1.0 - Web Server Directory Traversal Exploit Author: Spinae Vendor Homepage: https://www.virtualreception.nl/ Version: win7sp1rtm.101119-1850 6.1.7601.1.0.65792 running on an Intel NUC5i5RY Tested on: all We discovered the web server of the Virtual Reception...

AI score 6.8
Exploits: 0

Exploit DB
added 2023/03/30 12:0 a.m., 149 views

Virtual Reception v1.0 - Web Server Directory Traversal

Exploit Title: Virtual Reception v1.0 - Web Server Directory Traversal Exploit Author: Spinae Vendor Homepage: https://www.virtualreception.nl/ Version: win7sp1rtm.101119-1850 6.1.7601.1.0.65792 running on an Intel NUC5i5RY Tested on: all CVE-ID: CVE-2023-25289 We discovered the web server of the...

CVSS 7.5, AI score 7.7, EPSS 0.0769
Exploits: 2

Vulnrichment
added 2023/03/23 12:0 a.m., 8 views

CVE-2023-28759

An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privileges and compromise the system...

CVSS 7.8, AI score 7.5, EPSS 0.0019
Exploits: 0, References: 1

F5 Networks
added 2023/02/21 6:54 p.m., 33 views

K71891773: BIG-IP APM VPN vulnerability CVE-2021-23002

Security Advisory Description The session ID is visible in the arguments of the f5vpn.exe command when VPN is launched from the browser on a Windows system. Addressing this issue requires both the client and server fixes. CVE-2021-23002 Impact An attacker with privileges to view the command line ...

CVSS 4.5, AI score 5.5, EPSS 0.00339
Exploits: 0, Affected Software: 2

SUSE CVE
added 2023/02/15 4:31 a.m., 4 views

SUSE CVE-2018-5278

In Malwarebytes Premium 3.3.1.2183, the driver file FARFLT.SYS allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c. NOTE: the vendor reported that they "have not been able to reproduce the issu...

CVSS 7.8, AI score 7.1, EPSS 0.00392
Exploits: 1, References: 2

SUSE CVE
added 2023/02/15 3:50 a.m., 2 views

SUSE CVE-2021-0172

Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access...

CVSS 6.5, AI score 6.8, EPSS 0.00507
Exploits: 0, References: 6

SUSE CVE
added 2023/02/15 3:29 a.m., 2 views

SUSE CVE-2022-21491

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

CVSS 7.8, AI score 6.9, EPSS 0.00427
Exploits: 0, References: 5

Packet Storm
added 2023/02/03 12:0 a.m., 264 views

Lenovo Diagnostics Driver Memory Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lenovo Diagnostics Driver IOCTL memmove', 'Description' = %q Incorrect access control for the Lenovo Diagnostics Driver allows a low-privileged...

AI score 0.3, EPSS 0.04284
Exploits: 4

CNNVD
added 2023/01/10 12:0 a.m., 6 views

Microsoft Windows Win32k Security Vulnerability

Microsoft Windows Win32k is a system file for Windows multi-user administration from Microsoft USA. A security vulnerability exists in Microsoft Windows Win32k. An attacker can exploit the vulnerability to elevate privileges...

CVSS 7.8, AI score 7.6, EPSS 0.00476
Exploits: 0, References: 5

Tenable Nessus
added 2023/01/03 12:0 a.m., 96 views

Trellix Agent < 5.7.8 Privilege Escalation (SB10391)

The version of Trellix Agent, formerly McAfee Agent or McAfee Policy Orchestrator (ePO) Agent, installed on the remote host is prior to 5.7.8. It is, therefore, affected by a privilege escalation vulnerability due to an uncontrolled search path. An attacker with admin access to the affected host c...

CVSS 6.7, AI score 6.7, EPSS 0.00202
Exploits: 0, References: 2

OSV
added 2022/12/12 10:15 p.m., 3 views

CVE-2022-41261

SAP Solution Manager Diagnostic Agent - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attack...

CVSS 5.5, AI score 5.5
Exploits: 0, References: 2

NVD
added 2022/12/12 10:15 p.m., 19 views

CVE-2022-41261

SAP Solution Manager Diagnostic Agent - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attack...

CVSS 6, EPSS 0.00166
Exploits: 0, References: 2

Prion
added 2022/12/12 10:15 p.m., 12 views

Improper access control

SAP Solution Manager Diagnostic Agent - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attack...

CVSS 1.7, AI score 5.4, EPSS 0.00166
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2022/12/12 9:24 p.m., 23 views

CVE-2022-41261

SAP Solution Manager Diagnostic Agent - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attack...

CVSS 6, AI score 6.1, EPSS 0.00166
Exploits: 0, References: 2

Tenable Nessus
added 2022/12/12 12:0 a.m., 44 views

Debian dla-3237 : node-tar - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3237 advisory. Debian LTS Advisory DLA-3237-1...

CVSS 8.6, AI score 7.3, EPSS 0.03057
Exploits: 0, References: 6

Vulnrichment
added 2022/12/09 12:0 a.m., 5 views

CVE-2022-3724

Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows...

CVSS 6.3, AI score 7.3, EPSS 0.02345
Exploits: 0, References: 3

Vulnrichment
added 2022/11/30 8:29 a.m., 8 views

CVE-2022-3859

An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL ther...

CVSS 6.7, AI score 7, EPSS 0.00202
Exploits: 0, References: 1

ATTACKERKB
added 2022/10/06 6:15 p.m., 2 views

CVE-2022-26235

A vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand Message Server. On installation, the permissions set by Remisol Advance allow non-privileged users to overwrite and/or manipulate executables and libraries that run as the elevated SYSTEM user on Windows...

CVSS 7.8, AI score 5.9, EPSS 0.0018
Exploits: 0, References: 3