National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): %s
There are 45 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity

An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). At 0x1e3f0 the extracted dns value from the xml file is used as an argument to /etc/config-tools/edit_dns_server %s dns-server-nr=%d dns-server-name=<contents of dns node> using sprintf(). This command is later executed via a call to system(). This is done in a loop and there is no limit to how many dns entries will be parsed from the xml file.

Published: March 11, 2020; 06:27:41 PM -04:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH

In IXP EasyInstall 6.2.13723, there is Lateral Movement (using the Agent Service) against other users on a client system. An authenticated attacker can, by modifying %SYSTEMDRIVE%\IXP\SW\[PACKAGE_CODE]\EveryLogon.bat, achieve this movement and execute code in the context of other users.

Published: January 23, 2020; 04:15:12 PM -05:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM

In IXP EasyInstall 6.2.13723, it is possible to temporarily disable UAC by using the Agent Service on a client system. An authenticated attacker (non-admin) can disable UAC for other users by renaming and replacing %SYSTEMDRIVE%\IXP\DATA\IXPAS.IXP.

Published: January 23, 2020; 04:15:12 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW

Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.

Published: December 24, 2019; 10:15:11 AM -05:00
V3.1: 7.3 HIGH
    V2: 6.9 MEDIUM

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 21/03/2019 devices. There is post-authenticated denial of service leading to the reboot of the AP via the admin.cgi?action=%s URI.

Published: August 08, 2019; 10:15:11 AM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM

An issue was discovered in Bitdefender products for Windows (Bitdefender Endpoint Security Tool versions prior to; and Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security versions prior to that can lead to local code injection. A local attacker with administrator privileges can create a malicious DLL file in %SystemRoot%\System32\ that will be executed with local user privileges.

Published: July 30, 2019; 02:15:16 PM -04:00
V3.0: 6.7 MEDIUM
    V2: 7.2 HIGH

CVE-2019-1010220

tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file.

Published: July 22, 2019; 02:15:11 PM -04:00
V3.0: 3.3 LOW
    V2: 4.3 MEDIUM

The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.

Published: June 24, 2019; 01:15:10 PM -04:00
V3.0: 8.8 HIGH
    V2: 5.8 MEDIUM

Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.

Published: June 18, 2019; 06:15:12 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH

An issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from an authenticated remote code execution vulnerability. An authenticated attacker can send a specially crafted UDP packet, and execute commands on the vacuum cleaner as root. The bug is in the function REQUEST_SET_WIFIPASSWD (UDP command 153). A crafted UDP packet runs "/mnt/skyeye/ %s" with an attacker controlling the %s variable. In some cases, authentication can be achieved with the default password of 888888 for the admin account.

Published: July 05, 2018; 04:29:00 PM -04:00
V3.0: 7.5 HIGH
    V2: 8.5 HIGH

An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. When the drivers are updated to a newer version, the product launches a process as SYSTEM to uninstall the old version: cl_1956.exe is run as SYSTEM on the %systemroot%\Temp folder, where any user can write a DLL (e.g., version.dll) to perform DLL Hijacking and elevate privileges to SYSTEM.

Published: June 05, 2018; 05:29:01 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH

The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.

Published: May 10, 2018; 10:29:00 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM

A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP.

Published: March 21, 2018; 05:29:00 PM -04:00
V3.0: 7.8 HIGH
    V2: 4.6 MEDIUM

Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.

Published: February 16, 2018; 11:29:00 AM -05:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH

In audioserver, there is an out-of-bounds write due to a log statement using %s with an array that may not be NULL terminated. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68953950.

Published: February 12, 2018; 02:29:00 PM -05:00
V3.0: 7.5 HIGH
    V2: 7.8 HIGH

fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.

Published: February 09, 2018; 05:29:00 PM -05:00
V3.0: 7.8 HIGH
    V2: 4.3 MEDIUM

Unquoted Windows search path vulnerability in NSClient++ before allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder.

Published: January 31, 2018; 11:29:00 AM -05:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH

The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions.

Published: October 26, 2017; 02:29:00 PM -04:00
V3.1: 7.8 HIGH
    V2: 9.3 HIGH

In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default installation of APCUPSD allows a local authenticated, but unprivileged, user to run arbitrary code with elevated privileges by replacing the service executable apcupsd.exe with a malicious executable that will run with SYSTEM privileges at startup. This occurs because of "RW NT AUTHORITY\Authenticated Users" permissions for %SYSTEMDRIVE%\apcupsd\bin\apcupsd.exe.

Published: June 16, 2017; 09:29:00 AM -04:00
V3.0: 8.4 HIGH
    V2: 7.2 HIGH

Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privileges to write to program.exe in a protected directory, such as the %SYSTEMDRIVE% directory, and thus the issue is not interpreted as a direct privilege escalation. However, the local attacker might have the goal of executing program.exe even though program.exe is a blocked application.

Published: June 08, 2017; 08:29:00 AM -04:00
V3.0: 7.3 HIGH
    V2: 6.9 MEDIUM