Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Windows service used an uncontrolled search path element will cause unauthorized code execution with localsystem privileges
Vulnerability Description
When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in unauthorized code execution with elevated privileges. This issue affects ABP and AES: from ABP 2.0 through 2.0.7.9050, from AES 1.0 through 1.0.6.8290.
CVSS Information
N/A
Vulnerability Type
对搜索路径元素未加控制
Vulnerability Title
ASUSTOR Backup Plan(ABP)和ASUSTOR EZSync(AES) 安全漏洞
Vulnerability Description
ASUSTOR Backup Plan(ABP)和ASUSTOR EZSync(AES)都是中国台北华芸科技(ASUSTOR)公司的产品。ASUSTOR Backup Plan是一个Windows备份工具。ASUSTOR EZSync是一款为NAS设备实现双向文件同步的工具。 ASUSTOR Backup Plan(ABP) 2.0版本至2.0.7.9050版本和ASUSTOR EZSync(AES) 1.0版本至1.0.6.8290版本存在安全漏洞,该漏洞源于服务安装在非管理员用户可写目录,可能导致攻击
CVSS Information
N/A
Vulnerability Type
N/A