16 matches found
EUVD-2018-7375
Malware in sbrugna...
EUVD-2021-18734
Malware in sbrugna...
CVE-2022-38176
An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as...
CVE-2021-31859
Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 6.0.55 allows local user privilege escalation by overwriting the executable file via an alternative data stream...
CVE-2022-23861
Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be...
CVE-2023-35833
An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When modifying the URL of the LDAP server configuration from LDAPS to LDAP, the system does not require the password to be reentered. This results in exposing cleartext credentials when connecting to a rogue LDAP server. NOTE: the...
CVE-2023-35833
An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When modifying the URL of the LDAP server configuration from LDAPS to LDAP, the system does not require the password to be reentered. This results in exposing cleartext credentials when connecting to a rogue LDAP server. NOTE: the...
PT-2023-25335 · Ysoft · Ysoft Safeq 6 Server
Name of the Vulnerable Software and Affected Versions: YSoft SAFEQ 6 Server versions prior to 6.0.82 Description: An issue was discovered in YSoft SAFEQ 6 Server where modifying the URL of the LDAP server configuration from LDAPS to LDAP does not require the password to be reentered. This results...
CVE-2022-38176
An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as...
Privilege escalation
An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as...
CVE-2022-38176
YSoft SAFEQ 6 before 6.0.72 contains an installer privilege issue for the Client V3 services. The root cause is incorrect privileges configured in the installer package, enabling local privilege escalation by overwriting the executable via an alternate data stream. Impact is local, with high conf...
CVE-2022-38176
An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as...
Privilege escalation
Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 6.0.55 allows local user privilege escalation by overwriting the executable file via an alternative data stream...
CVE-2021-31859
CVE-2021-31859 affects YSoft SafeQ 6 MU55 FlexiSpooler (version 6.0.55). The vulnerability is described as incorrect privileges in the MU55 FlexiSpooler service that enables local privilege escalation by overwriting the executable file via an alternate data stream. The available documents confirm...
CVE-2021-31859
Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 6.0.55 allows local user privilege escalation by overwriting the executable file via an alternative data stream...
Design/Logic Flaw
YSoft SafeQ Server 6 allows a replay attack...