ZKSecurity BIO version 3.0.5.0_R suffers from a privilege escalation vulnerability.
b6d43dcace9b3768b3e0de50fde36243efa24ef1737964b40fee68c99c229b39ZKSecurity BIO version 4.1.2 suffers from a remote SQL injection vulnerability that can allow for remote code execution.
2f5ddba7cf7e3024ddc6ad5a39968b8c149a652831c65c828f1565ea29f0e84dA local privilege escalation issue was discovered in Avast Secure Browser version 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates.
c3807d4734d35255ec28f3968e435a787e351216fcadf4013c873c8d1ea9df67Trend Maximum Security 2019 suffers from an unquoted search path vulnerability. This application provides an unquoted path in the parameter lpApplicationName of the function CreateProcessW during process create PwmConsole.exe --- which is triggered from the feature PC Health Checkup. If an attacker has write permissions to C:\ or C:\Program Files\, it could deliver an arbitrary executable named Program.exe or Trend.exe which would be executed by the coreServiceShell process. coreServiceShell is a privileged process that will run Program.exe with same privilege.
52269680ae8182e23a23e0158bbab33cb0478d44d1cb16eba85bdedcdf6abff8Avira Free Security Suite 2019 Software Updater version 2.0.6.13175 suffers from an improper access control that allows for arbitrary file write that can allow an unprivileged user to obtain SYSTEM privileges.
69fdf1c757c972b00a6ac38b381268805e095c1577ed18107e11edadd414cc65Responsive File Manager 9.13.1 suffers from a file disclosure vulnerability.
a0598e0befd3209a3e660c506e8f28daba34f7c66b0a9530ad9b38a5c5b76222
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed