1075 matches found
Lenovo ThinkVantage Communications Utility 3.0.42.0 - Unquoted Service Path Privilege Escalation
Exploit Title: Lenovo ThinkVantage Communications Utility - Unquoted Service Path Privilege Escalation Date: 10/19/2016 Exploit Author: Joey Lane Version: 3.0.42.0 Tested on: Windows 7 Professional The Lenovo ThinkVantage Communications Utility installs 2 services with unquoted service paths. Thi...
PDF Complete 4.1.12 Corporate Edition - Unquoted Service Path Privilege Escalation
PDF Complete 4.1.12 Corporate Edition - Unquoted Service Path Privilege Escalation Exploit Title: PDF Complete Corporate Edition - Unquoted Service Path Privilege Escalation Date: 10/19/2016 Exploit Author: Joey Lane Software Link: http://www.pdfcomplete.com/cms/Downloads.aspx Version: 4.1.12...
Graylog Collector 0.4.2 - Unquoted Service Path Privilege Escalation
Exploit Title: Graylog Collector Service Path Privilege Escalation Date: 10/14/2016 Exploit Author: Joey Lane Software Link: https://github.com/Graylog2/collector Version: 0.4.2 Tested on: Windows Server 2012 R2 Graylog Collector installs as a service with an unquoted service path. If the user...
SolarWinds Kiwi CatTools 3.11.0 - Unquoted Service Path Privilege Escalation
Exploit for windows platform in category local exploits Document Title: ================ SolarWinds Kiwi CatTools Unquoted Service Path Privilege Escalation Vulnerability Author: ======== Halil Dalabasmaz Release Date: ============== 29 SEP 2016 Product & Service Introduction:...
SolarWinds Kiwi Syslog Server 9.5.1 - Unquoted Service Path Privilege Escalation
Exploit for windows platform in category local exploits Document Title: ================ SolarWinds Kiwi Syslog Server Unquoted Service Path Privilege Escalation Vulnerability Author: ======== Halil Dalabasmaz Release Date: ============== 29 SEP 2016 Product & Service Introduction:...
Kaspersky Internet Security KL1 Driver Signal Handler Denial of Service
Summary A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in KL1 kernel driver resulting in local system denial of service. An attacker can run a program from user...
Arbitrary file manipulation by local user through Mozilla updater and callback application path parameter — Mozilla
Security researcher Holger Fuhrmannek reported that when the Updater is opened directly using the callback application path parameter, a copy of a user specified file is made as a callback file. If the target of this file is made with a locked hardlink, an arbitrary local file can be replaced on...
The vulnerability of the Windows operating system, which allows a malicious individual to increase their privileges
A vulnerability that allows for increased privileges exists in the Windows operating system and is related to incorrect file comparison. If exploited successfully, a malicious individual will be able to execute arbitrary code within the Local System account. They will also be able to install...
Panda Security Multiple Products - Privilege Escalation
Exploit for windows platform in category local exploits Exploit Title: Panda Security Privilege Escalation Date: 27/6/2016 Exploit Author: Security-Assessment.com Vendor Homepage: http://www.pandasecurity.com Version: Panda Global Protection 2016 16.1.2,Panda Antivirus Pro 2016 16.1.2,Panda Small...
Panda Security (Multiple Products) - Local Privilege Escalation
Exploit Title: Panda Security Privilege Escalation Date: 27/6/2016 Exploit Author: Security-Assessment.com Vendor Homepage: http://www.pandasecurity.com Version: Panda Global Protection 2016 16.1.2,Panda Antivirus Pro 2016 16.1.2,Panda Small Business Protection 16.1.2,Panda Internet Security 2016...
Microsoft Windows DNS Server Memory Misreference Vulnerability
Microsoft Windows is a series of operating systems released by the American company Microsoft. A memory misreference vulnerability exists in the Microsoft Windows DNS server, which arises from a failure of the program to properly process a request. An attacker is allowed to exploit the...
Microsoft Windows CVE-2016-3227 DNS Use After Free Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits can allow attackers to execute arbitrary code within the context of the Local System Account. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected Microsoft...
CompuSource Systems - Real Time Home Banking - Privilege Escalation
Exploit for windows platform in category local exploits Exploit Title: CompuSource Systems - Real Time Home Banking - Local Privilege Escalation/Arbitrary Code Execution Date: 2/25/16 Exploit Author: email protected Vendor Homepage: https://www.css4cu.com :...
CompuSource Systems Local Privilege Escalation
Exploit Title: CompuSource Systems - Real Time Home Banking - Local Privilege Escalation/Arbitrary Code Execution Date: 2/25/16 Exploit Author: [email protected] Vendor Homepage: https://www.css4cu.com : https://www.css4cu.com/Next/InfoSide/SoftwareSolutions.php Version: CompuSource System...
Secret Net 7 and Secret Net Studio 8 - Privilege Escalation
Exploit for windows platform in category local exploits Source: https://github.com/Cr4sh/secretnetexpl Secret Net 7 and Secret Net Studio 8 local privileges escalation exploit. 0day vulnerabilities in sncc0.sys kernel driver of Secrity Code products allows attacker to perform local privileges...
Microsoft Windows DNS Memory Misreference Vulnerability
Microsoft Windows Server is a series of server operating systems released by Microsoft.DNS is one of the domain name resolution server components. A memory misreference vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Server 2012 Gold and R2 Domain Name System DNS servers. As...
Nvidia Stereoscopic 3D Driver Service 7.17.13.5382 - Arbitrary Run Key Creation
Nvidia Stereoscopic 3D Driver Service 7.17.13.5382 - Arbitrary Run Key Creation Source: https://code.google.com/p/google-security-research/issues/detail?id=515 NVIDIA: Stereoscopic 3D Driver Service Arbitrary Run Key Creation Platform: Windows, NVIDIA Service Version 7.17.13.5382 Class: Elevation...
Arbitrary file manipulation by local user through Mozilla updater — Mozilla
Security researcher Holger Fuhrmannek reported that when the Mozilla updater is run, the updater can be manipulated to load the updated files from a working directory under user control in concert with junctions. When the updates are run by the Mozilla Maintenance Service on Windows, these...
Microsoft Windows Task Scheduler - 'DeleteExpiredTaskAfter' File Deletion Privilege Escalation
Source: https://code.google.com/p/google-security-research/issues/detail?id=442 Windows: Task Scheduler DeleteExpiredTaskAfter File Deletion Elevation of Privilege Platform: Windows 8.1 Update, looks like it should work on 7 and 10 as well Class: Elevation of Privilege Summary: The Task Scheduler...
Out-of-bounds write with Updater and malicious MAR file — Mozilla
Security researcher Holger Fuhrmannek reported that if the Updater opens a MAR format file with a specially crafted name, an out-of-bounds write will occur. This can lead to a potentially exploitable crash but requires that the malicious MAR format file be present on the local system and the...