68 matches found
Hackers Abusing Windows Search Feature to Install Remote Access Trojans
A legitimate Windows search feature is being exploited by unknown malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT. The novel attack technique, per Trellix, takes advantage of the...
CVE-2023-28353
An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to...
CVE-2022-41667
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3 Hotfi...
CVE-2022-41667
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal ExpertV3.3 Hotfi...
CVE-2022-1373
The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file...
Trojan-Ransom.Thanos MVID-2022-0607 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/be60e389a0108b2871dff12dfbb542ac.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Ransom.Thanos Vulnerability: Code Execution Description: Thanos looks for and...
Ransom.REvil MVID-2022-0599 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/ab1aaa8f96c61684736da00ece5a9c83.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.REvil Vulnerability: Code Execution Description: REvil looks for and executes DLLs ...
Ransom.CTBLocker Code Execution
Discovery / credits: Malvuln - John Page - aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/de25f04dedaffde1be47ef26dc9a8176.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.CTBLocker Vulnerability: Code Execution Description: CTBLocker looks for and...
CVE-2021-35449
The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of their choosing durin...
Lexmark Universal Print Driver 安全漏洞
Lexmark Universal Print Driver is a printer driver from Lexmark USA. A security vulnerability exists in Lexmark Universal Print Driver that originates from a standard low-privilege user being able to use the driver to execute a DLL of their choice during the add printer process, resulting in...
CVE-2021-22645
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll fro...
CVE-2018-21241
CVE-2018-21241 affects Foxit PhantomPDF before 8.3.6, where an untrusted search path allows a DLL to execute remote code. According to sources, the vulnerability is triggered in affected PhantomPDF versions prior to 8.3.6 and can lead to remote code execution on the system. The CVSS details indic...
Lenovo Vantage Vulnerabilities - Lenovo Support US
Lenovo Security Advisory: LEN-30401 Potential Impact: Escalation of Privilege, Improper Verification of Cryptographic Signature, Severity: High Scope of Impact: Lenovo-specific CVE Identifier: CVE-2020-8316, CVE-2020-8318, CVE-2020-8319, CVE-2020-8324, CVE-2020-8327 Summary Description: The...
Nord Security: Race condition (TOCTOU) in NordVPN can result in local privilege escalation
Summary: A vulnerability exists in the NordVPN service, which is installed as part of the NordVPN Windows app. By exploiting a race condition in the NordVPN service it is possible to launch OpenVPN with a user-supplied configuration file. By setting an OpenSSL engine name within this configuratio...
CVE-2019-18232
SafeNet Sentinel LDK License Manager, all versions prior to 7.101only Microsoft Windows versions are affected is vulnerable when configured as a service. This vulnerability may allow an attacker with local access to create, write, and/or delete files in system folder using symbolic links, leading...
Thales DIS SafeNet Sentinel LDK License Manager Runtime
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: Thales DIS Equipment: SafeNet Sentinel LDK License Manager Runtime Vulnerability: Link Following 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to escalate privileges. 3...
CVE-2018-6668
A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows execution bypass, for example, with simple DLL through interpreters such as PowerShell...
IBM Notes and Domino Privilege Permission and Access Control Vulnerabilities
IBM Notes and Domino are both collaborative office software from the American company IBM. The software has office features such as e-mail, calendar, and scheduling. A privilege permission and access control vulnerability exists in the Notes System Diagnostic NSD service in IBM Notes and Domino o...
CVE-2017-14029
An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine...
Symantec VIP Access Arbitrary DLL Execution
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SYMANTEC-VIP-ACCESS-ARBITRARY-DLL-EXECUTION.txt + ISR: ApparitionSec Vendor: ================ www.symantec.com Product: =================== Symantec VIP Access Desktop...