Asus GameSDK 1.0.0.4 Unquoted Service Path Vulnerability

Exploit Title: Asus GameSDK v1.0.0.4 - 'GameSDK.exe' Unquoted Service Path Privilege Escalation Exploit Author: Angelo Pio Amirante Version: 1.0.0.4 Tested on: Windows 10 Patched version: 1.0.5.0 CVE: CVE-2022-35899 Step to discover the unquoted service path: wmic service get...

CVE-2021-20435

The CVE-2021-20435 issue affects IBM Security Verify Bridge 1.0.5.0, where improper certificate validation can allow a local attacker to disclose sensitive information. The vulnerability arises from failing to properly validate certificates, enabling information disclosure that could aid further ...

Datto Windows Agent Command Execution Vulnerability

Datto Windows Agent DWA is a suite of Windows-based backup agent software from Datto, Inc. A command execution vulnerability exists in DWA version 1.0.5.0 and earlier. A remote attacker can exploit this vulnerability to execute commands with the help of malformed commands...

CVE-2017-16674

Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent DWA 1.0.5.0 and earlier...