Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities found for 360_total_security by 360totalsecurity
CVE-2024-22014 (GCVE-0-2024-22014)
Vulnerability from nvd – Published: 2024-04-15 00:00 – Updated: 2025-03-13 19:54
VLAI
Summary
An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-61 - UNIX Symbolic Link (Symlink) Following
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| 360totalsecurity | antivirus |
Affected:
0 , ≤ 11.0.0.1061
(custom)
cpe:2.3:a:360totalsecurity:antivirus:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mansk1es/CVE_360TS"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:360totalsecurity:antivirus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "antivirus",
"vendor": "360totalsecurity",
"versions": [
{
"lessThanOrEqual": "11.0.0.1061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T20:23:00.922325Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T19:54:44.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-15T17:53:43.891Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mansk1es/CVE_360TS"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-22014",
"datePublished": "2024-04-15T00:00:00.000Z",
"dateReserved": "2024-01-03T00:00:00.000Z",
"dateUpdated": "2025-03-13T19:54:44.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33973 (GCVE-0-2021-33973)
Vulnerability from nvd – Published: 2023-04-19 00:00 – Updated: 2025-02-05 16:07
VLAI
Summary
Buffer Overflow vulnerability in Qihoo 360 Safe guard v12.1.0.1004, v12.1.0.1005, v13.1.0.1001 allows attacker to escalate priveleges.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:05:52.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg/"
},
{
"tags": [
"x_transferred"
],
"url": "https://pastebin.com/fsLDebg5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-33973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T16:06:16.163007Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T16:07:17.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in Qihoo 360 Safe guard v12.1.0.1004, v12.1.0.1005, v13.1.0.1001 allows attacker to escalate priveleges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-19T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html"
},
{
"url": "https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg/"
},
{
"url": "https://pastebin.com/fsLDebg5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33973",
"datePublished": "2023-04-19T00:00:00.000Z",
"dateReserved": "2021-06-07T00:00:00.000Z",
"dateUpdated": "2025-02-05T16:07:17.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15724 (GCVE-0-2020-15724)
Vulnerability from nvd – Published: 2020-07-21 17:36 – Updated: 2024-08-04 13:22
VLAI
Summary
In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.
Severity
No CVSS data available.
CWE
- local privilege escalation vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.360.cn/News/news/id/232 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | 360 Total Security |
Affected:
12.1.0.1005
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "360 Total Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.1.0.1005"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local privilege escalation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T17:36:16.000Z",
"orgId": "40f8fa2f-7875-43d0-a30e-e901a5537754",
"shortName": "360ST"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@360.cn",
"ID": "CVE-2020-15724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "360 Total Security",
"version": {
"version_data": [
{
"version_value": "12.1.0.1005"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local privilege escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.360.cn/News/news/id/232",
"refsource": "MISC",
"url": "https://security.360.cn/News/news/id/232"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "40f8fa2f-7875-43d0-a30e-e901a5537754",
"assignerShortName": "360ST",
"cveId": "CVE-2020-15724",
"datePublished": "2020-07-21T17:36:16.000Z",
"dateReserved": "2020-07-14T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:22:30.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15722 (GCVE-0-2020-15722)
Vulnerability from nvd – Published: 2020-07-21 17:10 – Updated: 2024-08-04 13:22
VLAI
Summary
In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system.
Severity
No CVSS data available.
CWE
- local privilege escalation vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.360.cn/News/news/id/232 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | 360 Total Security |
Affected:
12.1.0.1004
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "360 Total Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.1.0.1004"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local privilege escalation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T17:10:21.000Z",
"orgId": "40f8fa2f-7875-43d0-a30e-e901a5537754",
"shortName": "360ST"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@360.cn",
"ID": "CVE-2020-15722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "360 Total Security",
"version": {
"version_data": [
{
"version_value": "12.1.0.1004"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local privilege escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.360.cn/News/news/id/232",
"refsource": "MISC",
"url": "https://security.360.cn/News/news/id/232"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "40f8fa2f-7875-43d0-a30e-e901a5537754",
"assignerShortName": "360ST",
"cveId": "CVE-2020-15722",
"datePublished": "2020-07-21T17:10:21.000Z",
"dateReserved": "2020-07-14T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:22:30.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15723 (GCVE-0-2020-15723)
Vulnerability from nvd – Published: 2020-07-21 17:04 – Updated: 2024-08-04 13:22
VLAI
Summary
In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.
Severity
No CVSS data available.
CWE
- local privilege escalation vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.360.cn/News/news/id/232 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | 360 Total Security |
Affected:
12.1.0.1004
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "360 Total Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.1.0.1004"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local privilege escalation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T17:04:50.000Z",
"orgId": "40f8fa2f-7875-43d0-a30e-e901a5537754",
"shortName": "360ST"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@360.cn",
"ID": "CVE-2020-15723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "360 Total Security",
"version": {
"version_data": [
{
"version_value": "12.1.0.1004"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local privilege escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.360.cn/News/news/id/232",
"refsource": "MISC",
"url": "https://security.360.cn/News/news/id/232"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "40f8fa2f-7875-43d0-a30e-e901a5537754",
"assignerShortName": "360ST",
"cveId": "CVE-2020-15723",
"datePublished": "2020-07-21T17:04:50.000Z",
"dateReserved": "2020-07-14T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:22:30.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18603 (GCVE-0-2018-18603)
Vulnerability from nvd – Published: 2018-10-23 16:00 – Updated: 2024-08-05 11:15 Disputed
VLAI
Summary
360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. NOTE: the vendor's position is that this cannot be categorized as a vulnerability, although it is a security-related issue
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/sandboxescape/360-3.5.0.1033-S… | x_refsource_MISC |
Date Public
2018-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:15:59.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "360 Total Security 3.5.0.1033 allows a Sandbox Escape via an \"import os\" statement, followed by os.system(\"CMD\") or os.system(\"PowerShell\"), within a .py file. NOTE: the vendor\u0027s position is that this cannot be categorized as a vulnerability, although it is a security-related issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-24T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** 360 Total Security 3.5.0.1033 allows a Sandbox Escape via an \"import os\" statement, followed by os.system(\"CMD\") or os.system(\"PowerShell\"), within a .py file. NOTE: the vendor\u0027s position is that this cannot be categorized as a vulnerability, although it is a security-related issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/",
"refsource": "MISC",
"url": "https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18603",
"datePublished": "2018-10-23T16:00:00.000Z",
"dateReserved": "2018-10-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:15:59.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12653 (GCVE-0-2017-12653)
Vulnerability from nvd – Published: 2017-08-07 18:00 – Updated: 2024-09-16 16:53
VLAI
Summary
360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://blogs.securiteam.com/index.php/archives/3… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.securiteam.com/index.php/archives/3314#more-3314"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\\Python27 directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T18:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.securiteam.com/index.php/archives/3314#more-3314"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\\Python27 directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.securiteam.com/index.php/archives/3314#more-3314",
"refsource": "MISC",
"url": "https://blogs.securiteam.com/index.php/archives/3314#more-3314"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12653",
"datePublished": "2017-08-07T18:00:00.000Z",
"dateReserved": "2017-08-07T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:53:47.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22014 (GCVE-0-2024-22014)
Vulnerability from cvelistv5 – Published: 2024-04-15 00:00 – Updated: 2025-03-13 19:54
VLAI
Summary
An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-61 - UNIX Symbolic Link (Symlink) Following
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| 360totalsecurity | antivirus |
Affected:
0 , ≤ 11.0.0.1061
(custom)
cpe:2.3:a:360totalsecurity:antivirus:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mansk1es/CVE_360TS"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:360totalsecurity:antivirus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "antivirus",
"vendor": "360totalsecurity",
"versions": [
{
"lessThanOrEqual": "11.0.0.1061",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T20:23:00.922325Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T19:54:44.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-15T17:53:43.891Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mansk1es/CVE_360TS"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-22014",
"datePublished": "2024-04-15T00:00:00.000Z",
"dateReserved": "2024-01-03T00:00:00.000Z",
"dateUpdated": "2025-03-13T19:54:44.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33973 (GCVE-0-2021-33973)
Vulnerability from cvelistv5 – Published: 2023-04-19 00:00 – Updated: 2025-02-05 16:07
VLAI
Summary
Buffer Overflow vulnerability in Qihoo 360 Safe guard v12.1.0.1004, v12.1.0.1005, v13.1.0.1001 allows attacker to escalate priveleges.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:05:52.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg/"
},
{
"tags": [
"x_transferred"
],
"url": "https://pastebin.com/fsLDebg5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-33973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T16:06:16.163007Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T16:07:17.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in Qihoo 360 Safe guard v12.1.0.1004, v12.1.0.1005, v13.1.0.1001 allows attacker to escalate priveleges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-19T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html"
},
{
"url": "https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg/"
},
{
"url": "https://pastebin.com/fsLDebg5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33973",
"datePublished": "2023-04-19T00:00:00.000Z",
"dateReserved": "2021-06-07T00:00:00.000Z",
"dateUpdated": "2025-02-05T16:07:17.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15724 (GCVE-0-2020-15724)
Vulnerability from cvelistv5 – Published: 2020-07-21 17:36 – Updated: 2024-08-04 13:22
VLAI
Summary
In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.
Severity
No CVSS data available.
CWE
- local privilege escalation vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.360.cn/News/news/id/232 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | 360 Total Security |
Affected:
12.1.0.1005
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "360 Total Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.1.0.1005"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local privilege escalation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T17:36:16.000Z",
"orgId": "40f8fa2f-7875-43d0-a30e-e901a5537754",
"shortName": "360ST"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@360.cn",
"ID": "CVE-2020-15724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "360 Total Security",
"version": {
"version_data": [
{
"version_value": "12.1.0.1005"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local privilege escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.360.cn/News/news/id/232",
"refsource": "MISC",
"url": "https://security.360.cn/News/news/id/232"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "40f8fa2f-7875-43d0-a30e-e901a5537754",
"assignerShortName": "360ST",
"cveId": "CVE-2020-15724",
"datePublished": "2020-07-21T17:36:16.000Z",
"dateReserved": "2020-07-14T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:22:30.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15722 (GCVE-0-2020-15722)
Vulnerability from cvelistv5 – Published: 2020-07-21 17:10 – Updated: 2024-08-04 13:22
VLAI
Summary
In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system.
Severity
No CVSS data available.
CWE
- local privilege escalation vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.360.cn/News/news/id/232 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | 360 Total Security |
Affected:
12.1.0.1004
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "360 Total Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.1.0.1004"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local privilege escalation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T17:10:21.000Z",
"orgId": "40f8fa2f-7875-43d0-a30e-e901a5537754",
"shortName": "360ST"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@360.cn",
"ID": "CVE-2020-15722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "360 Total Security",
"version": {
"version_data": [
{
"version_value": "12.1.0.1004"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local privilege escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.360.cn/News/news/id/232",
"refsource": "MISC",
"url": "https://security.360.cn/News/news/id/232"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "40f8fa2f-7875-43d0-a30e-e901a5537754",
"assignerShortName": "360ST",
"cveId": "CVE-2020-15722",
"datePublished": "2020-07-21T17:10:21.000Z",
"dateReserved": "2020-07-14T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:22:30.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15723 (GCVE-0-2020-15723)
Vulnerability from cvelistv5 – Published: 2020-07-21 17:04 – Updated: 2024-08-04 13:22
VLAI
Summary
In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.
Severity
No CVSS data available.
CWE
- local privilege escalation vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.360.cn/News/news/id/232 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | 360 Total Security |
Affected:
12.1.0.1004
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "360 Total Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.1.0.1004"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "local privilege escalation vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-21T17:04:50.000Z",
"orgId": "40f8fa2f-7875-43d0-a30e-e901a5537754",
"shortName": "360ST"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.360.cn/News/news/id/232"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@360.cn",
"ID": "CVE-2020-15723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "360 Total Security",
"version": {
"version_data": [
{
"version_value": "12.1.0.1004"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local privilege escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.360.cn/News/news/id/232",
"refsource": "MISC",
"url": "https://security.360.cn/News/news/id/232"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "40f8fa2f-7875-43d0-a30e-e901a5537754",
"assignerShortName": "360ST",
"cveId": "CVE-2020-15723",
"datePublished": "2020-07-21T17:04:50.000Z",
"dateReserved": "2020-07-14T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:22:30.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18603 (GCVE-0-2018-18603)
Vulnerability from cvelistv5 – Published: 2018-10-23 16:00 – Updated: 2024-08-05 11:15 Disputed
VLAI
Summary
360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. NOTE: the vendor's position is that this cannot be categorized as a vulnerability, although it is a security-related issue
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/sandboxescape/360-3.5.0.1033-S… | x_refsource_MISC |
Date Public
2018-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:15:59.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "360 Total Security 3.5.0.1033 allows a Sandbox Escape via an \"import os\" statement, followed by os.system(\"CMD\") or os.system(\"PowerShell\"), within a .py file. NOTE: the vendor\u0027s position is that this cannot be categorized as a vulnerability, although it is a security-related issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-24T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** 360 Total Security 3.5.0.1033 allows a Sandbox Escape via an \"import os\" statement, followed by os.system(\"CMD\") or os.system(\"PowerShell\"), within a .py file. NOTE: the vendor\u0027s position is that this cannot be categorized as a vulnerability, although it is a security-related issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/",
"refsource": "MISC",
"url": "https://github.com/sandboxescape/360-3.5.0.1033-Sandbox-Escape-Exploit/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18603",
"datePublished": "2018-10-23T16:00:00.000Z",
"dateReserved": "2018-10-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:15:59.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12653 (GCVE-0-2017-12653)
Vulnerability from cvelistv5 – Published: 2017-08-07 18:00 – Updated: 2024-09-16 16:53
VLAI
Summary
360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://blogs.securiteam.com/index.php/archives/3… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blogs.securiteam.com/index.php/archives/3314#more-3314"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\\Python27 directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T18:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blogs.securiteam.com/index.php/archives/3314#more-3314"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\\Python27 directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.securiteam.com/index.php/archives/3314#more-3314",
"refsource": "MISC",
"url": "https://blogs.securiteam.com/index.php/archives/3314#more-3314"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12653",
"datePublished": "2017-08-07T18:00:00.000Z",
"dateReserved": "2017-08-07T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:53:47.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}