CVE-2021-36285

Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute force attack...

Admin password re-use. Don’t do it

As a pentester, one of the most disappointing sights is see on a test is extensive local admin password reuse. I know others get excited as it means easy pwnage of the network, but for me, it makes my job too straightforward. I want more of a challenge, particularly as resolving the local admin...

CVE-2020-25564

CVE-2020-25564 : A privilege escalation in SapphireIMS 5.0 allows a non-privileged user to create a local administrator on any client by directly accessing the RemoteMgmtTaskSave (Automation Tasks) feature. The root cause is insufficient access control in the Automation Tasks pathway. Impact repo...

CVE-2020-25563

SapphireIMS 5.0 is affected by an authentication-bypass vulnerability in the RemoteMgmtTaskSave (Automation Tasks) path that allows an unauthenticated user to create a local administrator on any client by accessing RemoteMgmtTaskSave without a JSESSIONID. Root cause: direct access to an automatio...

CVE-2021-21572

Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions...

SharpGPOAbuse - Tool To Take Advantage Of A User'S Edit Rights On A Group Policy Object (GPO) In Order To Compromise The Objects That Are Controlled By That GPO

SharpGPOAbuse is a .NET application written in C that can be used to take advantage of a user's edit rights on a Group Policy Object GPO in order to compromise the objects that are controlled by that GPO. More details can be found at the following blog post:...

CVE-2021-23879

Unquoted service path vulnerability in McAfee Endpoint Product Removal EPR Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Local admin privileg...

Design/Logic Flaw

Unquoted service path vulnerability in McAfee Endpoint Product Removal EPR Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Local admin privileg...

CVE-2021-23879

The CVE-2021-23879 entry describes an unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool, before version 21.2. The flaw allows local administrators to execute arbitrary code with elevated privileges by placing files in an insecure path where the tool runs, due to th...

CVE-2021-23879 Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and ...

Unquoted service path vulnerability in McAfee Endpoint Product Removal EPR Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Local admin privileg...

CVE-2020-36012

Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field...

CVE-2020-10658

The Proofpoint Insider Threat Management Server formerly ObserveIT Server before 7.9.1 contains a vulnerability in the ITM application server's WriteImage API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is...

CVE-2020-36154

The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Everyone in the "%SYSTEMDRIVE%\Pearson VUE" directory, which allows local users to obtain administrative privileges via a Trojan horse application...

CVE-2020-27585

Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive anti virus settings via a brute-attack on the settings password...

Default credentials

Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the password...

CVE-2020-27587

CVE-2020-27587 affects Quick Heal Total Security prior to 19.0. The vulnerability allows attackers with local admin rights to brute-force the password and gain access to files stored in the program’s File Vault. The available documents do not provide explicit exploitation details, affected produc...

CVE-2020-27587

Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the password...

CVE-2020-27585

CVE-2020-27585 affects Quick Heal Total Security prior to 19.0. The issue allows an attacker with local administrator rights to modify sensitive antivirus settings by brute-forcing the settings password. This is a local-privilege scenario (attack vector: LOCAL, authentication: NONE, impact: HIGH ...

CVE-2020-27585

Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive anti virus settings via a brute-attack on the settings password...

VMware ESXi Resource Management Error Vulnerability

Vmware VMware ESXi is a server virtualization platform from Vmware that can be installed directly on physical servers. A security vulnerability exists in VMware ESXi that stems from the inclusion of a no after-use vulnerability in the XHCI USB controller. A malicious participant with local...