Arcserve UDP from version 7.0 to 9.0 allows authentication bypass. The method getVersionInfo in WebServiceImpl/services/FlashServiceImpl exposes the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. It is also possible to obtain administrator credentials.
An authentication bypass vulnerability in JetBrains TeamCity allows unauthenticated remote attackers to execute system commands.
A .NET deserialization vulnerability in Progress WS_FTP Server allows unauthenticated remote attackers to execute system commands.
A vulnerability exists in the File History service, which runs as SYSTEM, and can be exploited to elevate an ordinary user to SYSTEM privileges.
Unauthenticated OS command injection in the evictPublishedSupportBundles function of the ScriptUtils class of VMware Aria Operations for Networks (aka vRealize Network Insight).
The vulnerability exists because the application does not properly impose security restrictions in the Windows Error Reporting Service, which leads to a security restrictions bypass and privilege escalation and allows a local user (not included in the Administrators group) to escalate privileges to NT AUTHORITY\SYSTEM.
This version adds BOF support.
A critical vulnerability, identified and cataloged as CVE-2023-38831, has been discovered. This vulnerability allows attackers to create modified RAR or ZIP archives that contain both harmless files and malicious ones. The malicious files are typically scripts located within a folder that shares the same name as the harmless file.
WinRAR RCE in versions before 6.23.
An SQL Injection Vulnerability in Progress MOVEit Transfer allows unauthenticated remote attackers to execute system commands.
This module exploits a remote stack-based buffer overflow in Wavelink Avalanche Manager by sending a malformed packet to the 1777/TCP port.
An elevation of privilege vulnerability exists due to the Windows kernel improperly validating input passed from user mode to the kernel. The vulnerability could allow an attacker to run code with elevated privileges.