507 matches found
CVE-2022-24562
In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system with admin privileges on the victim's endpoint, which can result in data theft and remote code execution...
Remote code execution
In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system with admin privileges on the victim's endpoint, which can result in data theft and remote code execution...
CVE-2022-24562
In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system with admin privileges on the victim's endpoint, which can result in data theft and remote code execution...
CVE-2022-24562
IOTransfer 4.3.1.1561 exposes an unauthenticated remote-access flaw in the Airserv component. An attacker can send GET/POST requests to Airserv and gain arbitrary read/write access to the entire filesystem with admin privileges, enabling potential data theft and remote code execution. The issue i...
CVE-2021-44968
A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 pro via requests sent in sequential order using the IOCTL driver codes, which could let a malicious user execute arbitrary code or a Denial of Service system crash. IOCTL list: iobitioctl = 0x8001e01c, 0x8001e020, 0x8001e024,...
CVE-2021-44968
A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 pro via requests sent in sequential order using the IOCTL driver codes, which could let a malicious user execute arbitrary code or a Denial of Service system crash. IOCTL list: iobitioctl = 0x8001e01c, 0x8001e020, 0x8001e024,...
Design/Logic Flaw
A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 pro via requests sent in sequential order using the IOCTL driver codes, which could let a malicious user execute arbitrary code or a Denial of Service system crash. IOCTL list: iobitioctl = 0x8001e01c, 0x8001e020, 0x8001e024,...
CVE-2021-44968
CVE-2021-44968 affects IObit Advanced SystemCare 15 Pro. A Use-after-Free vulnerability arises when requests are sent in sequence using the IOCTL driver codes, potentially allowing arbitrary code execution or a system crash. IOCTLs implicated include 0x8001e01c, 0x8001e020, 0x8001e024, 0x8001e040...
CVE-2021-44968
A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 pro via requests sent in sequential order using the IOCTL driver codes, which could let a malicious user execute arbitrary code or a Denial of Service system crash. IOCTL list: iobitioctl = 0x8001e01c, 0x8001e020, 0x8001e024,...
IObit Advanced SystemCare 资源管理错误漏洞
IObit Advanced SystemCare is a system management utility from IObit UK. The program is mainly used for scanning, repairing and optimizing the system, among other things. IObit Advanced SystemCare 15 pro suffers from a resource management error vulnerability that originates from sending requests...
CVE-2021-21792
An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet IRP can lead to privileged reads in the context of a driver which can result in sensitive information...
CVE-2021-21792
An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet IRP can lead to privileged reads in the context of a driver which can result in sensitive information...
CVE-2021-21791
An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet IRP can lead to privileged reads in the context of a driver which can result in sensitive information...
CVE-2021-21790
An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet IRP can lead to privileged reads in the context of a driver which can result in sensitive information...
CVE-2021-21785
An information disclosure vulnerability exists in the IOCTL 0x9c40a148 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet IRP can lead to a disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability...
Information disclosure
An information disclosure vulnerability exists in the IOCTL 0x9c40a148 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet IRP can lead to a disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability...
Information disclosure
An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet IRP can lead to privileged reads in the context of a driver which can result in sensitive information...
Information disclosure
An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet IRP can lead to privileged reads in the context of a driver which can result in sensitive information...
CVE-2021-21785
An information disclosure vulnerability exists in the IOCTL 0x9c40a148 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet IRP can lead to a disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability...
CVE-2021-21785
The CVE-2021-21785 issue affects IOBit Advanced SystemCare Ultimate 14.2.0.220. TALOS details show an information-disclosure vulnerability in IOCTL 0x9c40a148, where unprivileged user data reaches HalSetBusDataByOffset via IRP handling, enabling read of device configuration and registers and thus...