A successful attempt to exploit this vulnerability requires the attacker to insert an executable file into the service path undetected by the OS or some security application. When restarting the service or the system, the inserted executable will run with elevated privileges.
A successful attempt to exploit this vulnerability requires the attacker to insert an executable file into the service path undetected by the OS or some security application. When restarting the service or the system, the inserted executable will run with elevated privileges.
The 'Winstep Xtreme Service' in Winstep 18.06.0096 has an unquoted service path vulnerability. This could allow an attacker to escalate privileges by placing a malicious executable in the path.
The 'Service KMSELDI' service in KMSpico 17.1.0.0 has an unquoted service path vulnerability. An attacker with local access can exploit this vulnerability to escalate privileges and potentially execute arbitrary code.
A successful attempt to exploit this vulnerability requires the attacker to insert an executable file into the service path undetected by the OS or some security application. When restarting the service or the system, the inserted executable will run with elevated privileges.
Platinum 4410 router from Genexis with hardware version V2.1 and software version P4410-V2-1.28 is vulnerable to Broken Access Control and CSRF. This vulnerability allows an attacker to remotely change the WIFI access point's password by sending a specially crafted link to the victim while they are connected to the vulnerable router's WiFi network.
This exploit takes advantage of a format strings bug in the fLog() function of the Linux eXtremail smtpd to bind a root shell to port 36864 on the target eXtremail server.
RCE via stack-based overflow on TP-Link WDR4300 (N750) devices, using CVE-2017-13772.
The iDS6 DSSPro Digital Signage System 6.2 allows users to perform actions via HTTP requests without validity checks, leading to potential CSRF attacks. An attacker can exploit this vulnerability to perform actions with administrative privileges when a logged-in user visits a malicious website.
Local File Inclusion in Processwire CMS 2.4.0 allows to retrieve arbitrary files via the download parameter to index.php By providing a specially crafted path to the vulnerable parameter, a remote attacker can retrieve the contents of sensitive files on the local system.
Services By CQR