Carlo Di Dato

6 exploits Active since Aug 2023
CVE-2023-31069 EXPLOITDB CRITICAL text WRITEUP
TSplus Remote Access <16.0.2.14 - Info Disclosure
An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page.
CVSS 9.8
CVE-2023-31068 EXPLOITDB CRITICAL text WRITEUP
TSplus Remote Access <16.0.2.14 - Info Disclosure
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.
CVSS 9.8
CVE-2023-31067 EXPLOITDB CRITICAL text WRITEUP
TSplus Remote Access <16.0.2.14 - Info Disclosure
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\Clients\www.
CVSS 9.8
EIP-2026-117635 EXPLOITDB python WRITEUP
Mozilla Firefox 88.0.1 - File Extension Execution of Arbitrary Code
CVE-2022-47636 EXPLOITDB HIGH text WRITEUP
Outsystems Service Studio - Uncontrolled Search Path
A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user.
CVSS 7.8
CVE-2023-31468 EXPLOITDB HIGH text WRITEUP
Inosoft VisiWin <2022-2.1 - Privilege Escalation
An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The "%PROGRAMFILES(X86)%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. 2024-1 is a fixed version.
CVSS 7.8