Microsoft Windows 8.1 - Local WebDAV NTLM Reflection Privilege Escalation

Source: https://code.google.com/p/google-security-research/issues/detail?id=222 Windows: Local WebDAV NTLM Reflection Elevation of Privilege Platform: Windows 8.1 Update, Windows 7 Class: Elevation of Privilege Summary: A default installation of Windows 7/8 can be made to perform a NTLM reflectio...

iPass privilege escalation

Code execution with local system rights is possible...

MS15-025: Vulnerabilities in Windows kernel could allow elevation of privilege: March 10, 2015

Resolves vulnerabilities in Windows that could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local...

Electronic Arts Origin Client 9.5.5 - Multiple Privilege Escalation Vulnerabilities

Electronic Arts Origin Client 9.5.5 Multiple Privilege Escalation Vulnerabilities Vendor: Electronic Arts Inc. Product web page: https://www.origin.com Affected version: 9.5.5.2850 353317 9.5.3.636 350385 9.5.2.2829 348065 Summary: Origin formerly EA Download Manager EADM is digital distribution...

ActFax-4.31---Local-System

Title: ActFax 4.31 Local Privilege Escalation Exploit Author: Craig Freyman @cd1zz Discovered: July 10, 2012 Vendor Notified: June 12, 2012 Description: http://www.pwnag3.com/2012/08/actfax-local-privilege-escalation.html sc = "\x89\xe5\xdb\xce\xd9\x75\xf4\x58\x50\x59\x49\x49\x49\x49"...

Microsoft Windows SSL Library Private Communications Transport Buffer Overflow - Ver2 (CVE-2003-0719)

A buffer overflow vulnerability has been reported in Microsoft Windows SSL Library. The vulnerability is due to the processing of certain messages. A remote attacker can exploit this issue by executing arbitrary code in the context of a local system user when SSL is enabled...

Cisco Unified Computing System B-Series Servers Privilege Escalation Vulnerability

Cisco Unified Computing System B-Series Blade Servers could allow an authenticated, local attacker to gain shell-level access to the affected device. The vulnerability is due to improper input validation in the ping6 and the traceroute6 commands. An attacker could exploit this vulnerability by...

PT-2014-8443 · Bmc · Bmc Track-It!

Name of the Vulnerable Software and Affected Versions: BMC Track-It! version 11.3 Description: The issue allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset. This is relate...

CVE-2014-9113

CCH Wolters Kluwer ProSystem fx Engagement aka PFX Engagement 7.1 and earlier uses weak permissions Authenticated Users: Modify and Write for the 1 Pfx.Engagement.WcfServices, 2 PFXEngDesktopService, 3 PFXSYNPFTService, and 4 P2EWinService service files in PFX Engagement, which allows local users...

CCH Wolters Kluwer PFX Engagement 7.1 - Local Privilege Escalation

CCH Wolters Kluwer PFX Engagement 7.1 - Local Privilege Escalation Exploit Title: CCH Wolters Kluwer PFX Engagement Windows 8, 2003, 2008, 2012 CVE : 2014-9113 Product Affected: CCH Wolters Kluwer PFX Engagement = v7.1 This vulnerability has been reference checked this against multiple installs...

Enalean Tuleap 7.2 - XML External Entity File Disclosure

Enalean Tuleap 7.2 - XML External Entity File Disclosure Vulnerability title: Tuleap = 7.2 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 7.2 and earlier Fixed version: 7.4.99.5 Reported by: Jerzy Kramarz Details: A multiple XM...

Enalean Tuleap 7.2 - XML External Entity File Disclosure

Vulnerability title: Tuleap = 7.2 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 7.2 and earlier Fixed version: 7.4.99.5 Reported by: Jerzy Kramarz Details: A multiple XML External Entity Injection has been found and confirmed...

Microsoft Windows Task Scheduler Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker may exploit this issue to execute arbitrary code with the Local system account. Successful exploits will result in the complete compromise of affected computers. Technologies Affected Microsoft...

CylantSecure 1.0 Kernel Module Syscall Rerouting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2958/info CylantSecure is a commercial Linux hardening tool and security infrastructure available from Cylant Technology. A problem in the CylantSecure infrastructure could allow users to escape monitoring. A user with ro...

Microsoft Internet Explorer 5 XML Page Object Type Validation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8565/info Internet Explorer does not properly handle object types, when rendering XML based web sites. This may result in the possibility of the execution of malicious software. The problem occurs when Internet Explorer...

PHP-Proxima autohtml.PHP Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7598/info A vulnerability has been reported for PHP-Proxima. The problem occurs in the autohtml.php script. Specifically, the script fails to verify the contents of a user-supplied variable before including a specified fi...

HP OpenView Radia Management Portal 1.0/2.0 - Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13414/info A remote command execution vulnerability affects HP OpenView Radia Management Portal. This issue is due to a failure of the application to properly secure access to critical functionality. This is due to a...

Nessus 2.0.x LibNASL Arbitrary Code Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7664/info Nessus has reported that various flaws have been discovered in the 'libnasl' library used by the Nessus application. As a result, a malicious NASL script may be able to break outside of the established sandbox...

HP Compaq Insight Management Agent 5.0 Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8336/info The Compaq Management Agent HTTP server is vulnerable to a format string issue. A remote attacker may be able to exploit this vulnerability in order to execute arbitrary code with Local System privileges. $ prin...

Microsoft Internet Explorer 5/6 Object Type Validation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8456/info The problem occurs when Internet Explorer receives a response from the server when a web page containing an object tag is parsed. Successful exploitation of this vulnerability could allow a malicious object to b...