Advisory: Privilege Escalation via Service Binary Hijacking in Vivavis HIGH-LEIT (CVE-2024-38456)
September 2, 2024 #advisories
During a recent assessment, SCHUTZWERK discovered a vulnerability in HIGH-LEIT which allows privilege escalation.
During a recent assessment, SCHUTZWERK discovered a vulnerability in HIGH-LEIT which allows privilege escalation.
During an embedded security assessment, we identified a buffer overread vulnerability (CWE-126) in the DHCP implementation of U-Boot that could leak memory onto the network.
During an assessment, we discovered a local privilege escalation vulnerability in the custom OpenVPN client saConnect/saConnectService.
During a recent assessment, we discovered a vulnerability in Visual Planning, which allows an authenticated attacker to obtain read access to arbitrary files on the application server.
During a recent assessment, we discovered a critical vulnerability in Visual Planning, which allows a privilege escalation from non-administrative account to administrator level.
During a recent assessment, we discovered a critical vulnerability in Visual Planning, which allows to bypass the authentication.
During a recent assessment, we discovered a critical vulnerability in Visual Planning, which allows to bypass the REST API authentication.
During an assessment we discovered a stored cross-site-scripting vulnerability in the Papaya medical image viewer (CVE-2023-33255)
During a recent assessment, we discovered a critical vulnerability in Spryker Commerce OS, which allows SQL Injection.
During a recent assessment, we discovered a critical vulnerability in Spryker Commerce OS, which allows Remote Command Execution.