Modpr0Be

#11418of 53,608
24.1Total CVSS
Vulnerabilities · 3
High
2
Critical
1
PT-2024-10551
9.1
2024-06-21
Unknown · Tftp Server · CVE-2012-6664
**Name of the Vulnerable Software and Affected Versions** Distinct Intranet Servers versions 3.10 and earlier **Description** The issue allows remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put commands. This is due to multiple directory traversal vulnerabilities in the TFTP Server. **Recommendations** For Distinct Intranet Servers versions 3.10 and earlier, consider restricting access to the TFTP Server until a patch is available. As a temporary workaround, avoid using the get and put commands with .. (dot dot) sequences to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2019-15283
7.2
2019-10-20
Asus · Asus Rog Zephyrus M Gm501Gs · CVE-2019-18216
**Name of the Vulnerable Software and Affected Versions** ASUS ROG Zephyrus M GM501GS laptops with BIOS 313 **Description** The BIOS configuration design relies on the main battery, reducing the effectiveness of a protection mechanism that prohibits booting from a USB device. Attackers with physical access to the laptop can exhaust the main battery to reset the BIOS configuration and gain direct access to the hard drive by booting a live USB OS. **Recommendations** For ASUS ROG Zephyrus M GM501GS laptops with BIOS 313, consider restricting physical access to the laptop to minimize the risk of exploitation. As a temporary workaround, ensure the main battery is not exhausted to prevent unauthorized BIOS configuration resets. At the moment, there is no information about a newer version that contains a fix for this issue.
PT-2017-13589
7.8
2017-09-23
Cyberlink · Cyberlink Labelprint · CVE-2017-14627
**Name of the Vulnerable Software and Affected Versions** CyberLink LabelPrint version 2.5 **Description** The issue allows remote attackers to execute arbitrary code via specific parameters in an lpp project file, including the `author` and `name` parameters inside the INFORMATION tag, the `artist` parameter inside the TRACK tag, or the `default` parameter inside the TEXT tag. **Recommendations** For CyberLink LabelPrint version 2.5, consider avoiding the use of the `author`, `name`, `artist`, and `default` parameters in lpp project files until a fix is available. Restrict access to the lpp project file handling functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.