The LenovoDiagnosticsDriver.sys driver in the HardwareScanPlugin of Lenovo Vantage before 1.3.0.5 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary physical memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, via a function call such as MmMapIoSpace.
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavisd automatically prefers it over cpio.
The cause of the vulnerability is due to the lack of a strict bounds check for the SignaturesOffset field in the Base Block for the base log file (BLF) in CLFS.sys.
Vulnerability is in code responsible for ClipboardChange event that can be reached through RPC. Local users can send data to RPC server which will then be written in Sysmon directory.
IBM i Access Family could allows to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware NSX Manager, an attacker can get remote code execution in the context of 'root' user account on the appliance.
A java deserialization vulnerability and a blind XXE vulnerability allows unauthenticated remote attackers to execute system commands in Zoho ManageEngine ADAudit Plus.
An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiOS, FortiProxy and FortiSwitchManager may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
A SMB1 Client with write access to a share can cause server memory contents to be written into a file or printer.
This vulnerability allows an Arbitrary File Deletion in any protected folder.
Used in conjunction with other vulnerability that allows Arbitrary File Writing, an attacker could escalate from unprivileged user to SYSTEM.
Used in conjunction with other vulnerability that allows Arbitrary File Writing, an attacker could escalate from unprivileged user to SYSTEM.