1065 matches found
Microsoft Windows DNS Server Memory Misreference Vulnerability
Microsoft Windows is a series of operating systems released by the American company Microsoft. A memory misreference vulnerability exists in the Microsoft Windows DNS server, which arises from a failure of the program to properly process a request. An attacker is allowed to exploit the...
Microsoft Windows CVE-2016-3227 DNS Use After Free Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits can allow attackers to execute arbitrary code within the context of the Local System Account. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected Microsoft...
CompuSource Systems Local Privilege Escalation
Exploit Title: CompuSource Systems - Real Time Home Banking - Local Privilege Escalation/Arbitrary Code Execution Date: 2/25/16 Exploit Author: [email protected] Vendor Homepage: https://www.css4cu.com : https://www.css4cu.com/Next/InfoSide/SoftwareSolutions.php Version: CompuSource System...
CompuSource Systems - Real Time Home Banking - Privilege Escalation
Exploit for windows platform in category local exploits Exploit Title: CompuSource Systems - Real Time Home Banking - Local Privilege Escalation/Arbitrary Code Execution Date: 2/25/16 Exploit Author: email protected Vendor Homepage: https://www.css4cu.com :...
Secret Net 7 and Secret Net Studio 8 - Privilege Escalation
Exploit for windows platform in category local exploits Source: https://github.com/Cr4sh/secretnetexpl Secret Net 7 and Secret Net Studio 8 local privileges escalation exploit. 0day vulnerabilities in sncc0.sys kernel driver of Secrity Code products allows attacker to perform local privileges...
Microsoft Windows DNS Memory Misreference Vulnerability
Microsoft Windows Server is a series of server operating systems released by Microsoft.DNS is one of the domain name resolution server components. A memory misreference vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Server 2012 Gold and R2 Domain Name System DNS servers. As...
Nvidia Stereoscopic 3D Driver Service 7.17.13.5382 - Arbitrary Run Key Creation
Nvidia Stereoscopic 3D Driver Service 7.17.13.5382 - Arbitrary Run Key Creation Source: https://code.google.com/p/google-security-research/issues/detail?id=515 NVIDIA: Stereoscopic 3D Driver Service Arbitrary Run Key Creation Platform: Windows, NVIDIA Service Version 7.17.13.5382 Class: Elevation...
Arbitrary file manipulation by local user through Mozilla updater — Mozilla
Security researcher Holger Fuhrmannek reported that when the Mozilla updater is run, the updater can be manipulated to load the updated files from a working directory under user control in concert with junctions. When the updates are run by the Mozilla Maintenance Service on Windows, these...
Microsoft Windows Task Scheduler - 'DeleteExpiredTaskAfter' File Deletion Privilege Escalation
Source: https://code.google.com/p/google-security-research/issues/detail?id=442 Windows: Task Scheduler DeleteExpiredTaskAfter File Deletion Elevation of Privilege Platform: Windows 8.1 Update, looks like it should work on 7 and 10 as well Class: Elevation of Privilege Summary: The Task Scheduler...
Out-of-bounds write with Updater and malicious MAR file — Mozilla
Security researcher Holger Fuhrmannek reported that if the Updater opens a MAR format file with a specially crafted name, an out-of-bounds write will occur. This can lead to a potentially exploitable crash but requires that the malicious MAR format file be present on the local system and the...
Microsoft Windows 8.1 - Local WebDAV NTLM Reflection Privilege Escalation
Source: https://code.google.com/p/google-security-research/issues/detail?id=222 Windows: Local WebDAV NTLM Reflection Elevation of Privilege Platform: Windows 8.1 Update, Windows 7 Class: Elevation of Privilege Summary: A default installation of Windows 7/8 can be made to perform a NTLM reflectio...
iPass privilege escalation
Code execution with local system rights is possible...
MS15-025: Vulnerabilities in Windows kernel could allow elevation of privilege: March 10, 2015
Resolves vulnerabilities in Windows that could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local...
Electronic Arts Origin Client 9.5.5 - Multiple Privilege Escalation Vulnerabilities
Electronic Arts Origin Client 9.5.5 Multiple Privilege Escalation Vulnerabilities Vendor: Electronic Arts Inc. Product web page: https://www.origin.com Affected version: 9.5.5.2850 353317 9.5.3.636 350385 9.5.2.2829 348065 Summary: Origin formerly EA Download Manager EADM is digital distribution...
ActFax-4.31---Local-System
Title: ActFax 4.31 Local Privilege Escalation Exploit Author: Craig Freyman @cd1zz Discovered: July 10, 2012 Vendor Notified: June 12, 2012 Description: http://www.pwnag3.com/2012/08/actfax-local-privilege-escalation.html sc = "\x89\xe5\xdb\xce\xd9\x75\xf4\x58\x50\x59\x49\x49\x49\x49"...
Microsoft Windows SSL Library Private Communications Transport Buffer Overflow - Ver2 (CVE-2003-0719)
A buffer overflow vulnerability has been reported in Microsoft Windows SSL Library. The vulnerability is due to the processing of certain messages. A remote attacker can exploit this issue by executing arbitrary code in the context of a local system user when SSL is enabled...
Cisco Unified Computing System B-Series Servers Privilege Escalation Vulnerability
Cisco Unified Computing System B-Series Blade Servers could allow an authenticated, local attacker to gain shell-level access to the affected device. The vulnerability is due to improper input validation in the ping6 and the traceroute6 commands. An attacker could exploit this vulnerability by...
PT-2014-8443 · Bmc · Bmc Track-It!
Name of the Vulnerable Software and Affected Versions: BMC Track-It! version 11.3 Description: The issue allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset. This is relate...
CVE-2014-9113
CCH Wolters Kluwer ProSystem fx Engagement aka PFX Engagement 7.1 and earlier uses weak permissions Authenticated Users: Modify and Write for the 1 Pfx.Engagement.WcfServices, 2 PFXEngDesktopService, 3 PFXSYNPFTService, and 4 P2EWinService service files in PFX Engagement, which allows local users...
CCH Wolters Kluwer PFX Engagement 7.1 - Local Privilege Escalation
CCH Wolters Kluwer PFX Engagement 7.1 - Local Privilege Escalation Exploit Title: CCH Wolters Kluwer PFX Engagement Windows 8, 2003, 2008, 2012 CVE : 2014-9113 Product Affected: CCH Wolters Kluwer PFX Engagement = v7.1 This vulnerability has been reference checked this against multiple installs...