1065 matches found
CVE-2016-5295
This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only...
CVE-2016-5295
This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only...
CVE-2017-7766
An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires loca...
CVE-2016-5293
When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox E...
CVE-2017-7768
CVE-2017-7768: Local privilege issue where an unprivileged user can read 32 bytes from any local file via Mozilla Maintenance Service by convincing it to read a status file from the Windows updater. Affected: Firefox ESR < 52.2 and Firefox
CVE-2017-5409
The CVE-2017-5409 issue affects Mozilla Firefox on Windows (Firefox ESR <45.8 and Firefox
CVE-2016-5295
This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only...
CVE-2017-7768
The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access,...
CVE-2017-5409
The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows...
WatchGuard AP100, AP102 and AP200 Authentication Vulnerabilities
The WatchGuard AP100, AP102 and AP200 are all different series of indoor wireless access point devices from WatchGuard USA. A security vulnerability exists in the WatchGuard AP100, AP102, and AP200 using firmware versions prior to 1.2.9.15, which stems from a failure of the local Access Point Web...
CVE-2018-10576
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a local system account instead of the dedicated web-only user...
Privilege escalation
An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauthktexteditorhelper service as utilized in the Kate text editor can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one use...
CVE-2018-10361
An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauthktexteditorhelper service as utilized in the Kate text editor can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one use...
CVE-2018-10361
An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauthktexteditorhelper service as utilized in the Kate text editor can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one use...
CVE-2018-10361
An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauthktexteditorhelper service as utilized in the Kate text editor can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one use...
Microsoft Malware Protection Engine Remote Code Execution (CVE-2018-0986)
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption .An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the Local Syst...
WebLog Expert Enterprise 9.4 Privilege Escalation
Exploit Author: bzyo Twitter: @bzyo Exploit Title: WebLog Expert Enterprise 9.4 - Privilege Escalation Date: 03-31-2018 Vulnerable Software: WebLog Expert Enterprise 9.4 Vendor Homepage: https://www.weblogexpert.com/ Version: 9.4 Software Link: https://www.weblogexpert.com/download.htm Tested On:...
WebLog Expert Enterprise 9.4 - Privilege Escalation Vulnerability
Exploit for windows platform in category local exploits Exploit Author: bzyo Twitter: @bzyo Exploit Title: WebLog Expert Enterprise 9.4 - Privilege Escalation Vulnerable Software: WebLog Expert Enterprise 9.4 Vendor Homepage: https://www.weblogexpert.com/ Version: 9.4 Software Link:...
WebLog Expert Enterprise 9.4 - Privilege Escalation
WebLog Expert Enterprise 9.4 - Privilege Escalation Exploit Author: bzyo Twitter: @bzyo Exploit Title: WebLog Expert Enterprise 9.4 - Privilege Escalation Date: 03-31-2018 Vulnerable Software: WebLog Expert Enterprise 9.4 Vendor Homepage: https://www.weblogexpert.com/ Version: 9.4 Software Link:...
WebLog Expert Enterprise 9.4 - Privilege Escalation
Exploit Author: bzyo Twitter: @bzyo Exploit Title: WebLog Expert Enterprise 9.4 - Privilege Escalation Date: 03-31-2018 Vulnerable Software: WebLog Expert Enterprise 9.4 Vendor Homepage: https://www.weblogexpert.com/ Version: 9.4 Software Link: https://www.weblogexpert.com/download.htm Tested On:...