1065 matches found
CVE-2020-25106
CVE-2020-25106 affects Nanosystems SupRemo 4.1.3.2348. When running as a service, File Manager can modify system-privileged files, allowing an attacker to rename Supremo.exe and upload a Trojan to achieve LocalSystem access. Vulnerable version: 4.1.3.2348. Fixed version: 4.2.0.2423. Exploitation ...
SUPREMO 4.1.3.2348 Privilege Escalation
Details ======= Subject: Local Privilege Escalation Product: SUPREMO by Nanosystems S.r.l. Vendor Homepage: https://www.supremocontrol.com/ Vendor Status: fixed version released Vulnerable Version: 4.1.3.2348 No other version was tested, but it is believed for the older versions to be also...
Realtek Andrea RT Filters 1.0.64.10 Unquoted Service Path
Exploit Title: Realtek Andrea RT Filters 1.0.64.10 - 'AERTSr64.EXE' Unquoted Service Path Discovery by: Erika Figueroa Discovery Date: 2020-11-07 Vendor Homepage: https://www.realtek.com/en/ Tested Version: 1.0.64.10 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 8.1 x64 es Step ...
NVIDIA GeForce Experience Denial of Service and Elevation of Privilege Vulnerability
NVIDIA GeForce Experience is graphics card driver update software that helps to check your computer's geforce drivers and update them to the latest version. A denial of service and elevation of privilege vulnerability exists in NVIDIA GeForce Experience versions prior to 3.20.5.70. The...
FruityWifi Elevation of Privilege Vulnerability
FruityWifi is a wireless network auditing tool. A security vulnerability exists in FruityWifi version 2.4 and prior versions, which stems from the presence of a fail-safe Sudo configuration ALL: ALL NOPASSWD: ALL. The vulnerability can be exploited by an attacker to perform a system-level root...
CVE-2020-24848
CVE-2020-24848 affects FruityWifi up to version 2.4, where an unsafe sudo configuration (ALL: ALL) NOPASSWD: ALL enables local root privilege escalation. This misconfiguration allows an attacker with local access to obtain full persistent control over the system. Publicly documented sources (incl...
CVE-2020-5978
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCALSYSTEM privileges which may lead to a denial of service or escalation of privileges...
VulnCheck KEV: CVE-2020-1350
Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed...
Vulnerabilities fixed in Acronis Cyber Backup and True Image
Acronis has fixed multiple vulnerabilities in Cyber Backup and True Image. A local malicious party could potentially exploit them to execute arbitrary code under SYSTEM privileges. To do this, a rogue file must be placed in a specific folder on the file system. Acronis has released updates to fix...
Input validation
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex...
Input validation
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex...
Input validation
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex...
CVE-2019-15285 Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex...
CVE-2019-15287 Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex...
Remote code execution
A remote code execution vulnerability exists when Active Directory integrated DNS ADIDNS mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account To exploit the vulnerability, an...
Microsoft Windows Server Remote Code Execution Vulnerability (CNVD-2020-57800)
Microsoft Windows is a desktop operating system from Microsoft. A remote code execution vulnerability exists in Microsoft Windows Active Directory Integrated DNS ADIDNS that could allow an attacker to run arbitrary code in a local system account...
Microsoft Windows Server Remote Code Execution Vulnerability (CNVD-2020-57799)
Windows Server is the brand name of a series of server operating systems released by Microsoft, which includes all Windows operating systems released under the brand name "Windows Server". A remote code execution vulnerability exists in Microsoft Windows Server. The vulnerability stems from Activ...
Active Directory Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Active Directory integrated DNS ADIDNS mishandles objects in memory. An authenticated attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account To exploit the vulnerability, an...
PT-2020-3910 · Microsoft · Windows Active Directory Integrated Dns +1
Name of the Vulnerable Software and Affected Versions: Windows Active Directory integrated DNS ADIDNS affected versions not specified Description: A remote code execution issue exists due to Active Directory integrated DNS ADIDNS mishandling objects in memory. An authenticated attacker could...
CVE-2020-15145
In Composer-Setup for Windows before version 6.0.0, if the developer's computer is shared with other users, a local attacker may be able to exploit the following scenarios. 1. A local regular user may modify the existing C:\ProgramData\ComposerSetup\bin\composer.bat in order to get elevated comma...