26 matches found
CVE-2020-37232
Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in the system root path that will be executed with LocalSyst...
CVE-2020-37232 Advanced System Care Service 13.0.0.157 Unquoted Service Path Privilege Escalation
Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in the system root path that will be executed with LocalSyst...
EUVD-2020-31234
Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in the system root path that will be executed with LocalSyst...
CVE-2020-37232
Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in the system root path that will be executed with LocalSyst...
CVE-2020-37232
The CVE-2020-37232 entry concerns Advanced System Care Service 13.0.0.157, which has an unquoted service path in the AdvancedSystemCareService13 binary. This allows local attackers to escalate privileges by placing a malicious executable in the system root that will be launched with LocalSystem p...
CVE-2020-37232 Advanced System Care Service 13.0.0.157 Unquoted Service Path Privilege Escalation
Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in the system root path that will be executed with LocalSyst...
PT-2026-41432
Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Attackers can place malicious executables in the system root path that will be executed with LocalSyst...
EUVD-2022-29050
Malicious code in bioql PyPI...
EUVD-2022-29049
Malicious code in bioql PyPI...
CVE-2022-24139
In IOBit Advanced System Care AscService.exe 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to...
CVE-2022-24138
IOBit Advanced System Care Asc.exe 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with ...
CVE-2022-24139
In IOBit Advanced System Care AscService.exe 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to...
CVE-2022-24138
IOBit Advanced System Care Asc.exe 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with ...
CVE-2022-24138
IOBit Advanced System Care Asc.exe 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with ...
Code injection
In IOBit Advanced System Care AscService.exe 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to...
Remote code execution
IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot sends HTTP requests in their update procedure in order to download a config file. After downloading the config file, the products will parse the HTTP location of the update from the file a...
Code injection
IOBit Advanced System Care Asc.exe 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with ...
CVE-2022-24140
The CVE-2022-24140 entry affects IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot. The issue arises in the update mechanism: products fetch a config file via HTTP, parse the update location from that file, and automatically install updat...
CVE-2022-24139
The CVE concerns IOBit Advanced System Care, ASCService.exe (version 15). An attacker with SEImpersonatePrivilege can create a named pipe that reuses one of ASCService’s expected named pipe names. ASCService first attempts to connect to the named pipe before creating its pipes, so during login th...
CVE-2022-24139
In IOBit Advanced System Care AscService.exe 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to...