CVE-2024-36480

CVE-2024-36480 affects Ricoh Streamline NX PC Client versions 3.7.2 and earlier, due to use of hard-coded credentials. An attacker could potentially obtain the LocalSystem account on the host and perform unintended operations. Public details consistently specify the affected range up to 3.7.2.1 f...

JVN#00442488: Multiple vulnerabilities in Ricoh Streamline NX PC Client

Ricoh Streamline NX PC Client provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. Improper restriction of communication channel to intended endpoints CWE-923 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score 6.3 CVE-2024-36252 ricoh-2024-000004 Use of hard-coded...

CVE-2024-36246

Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...

CVE-2024-23847

Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...

CVE-2024-36246

Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...

CVE-2024-36246

CVE-2024-36246 corresponds to a Missing Authorization for coejobhook Command Execution (CWE-862) in Yokogawa Unifier and Unifier Cast. Public sources confirm an Arbitrary Code Execution vector with LocalSystem privileges if exploited. Affected versions include Unifier and Unifier Cast 5.0+ (befor...

CVE-2024-36246

Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...

CVE-2024-23847

Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...

CVE-2024-23847

Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...

CVE-2024-23847

The CVE-2024-23847 issue affects Yokogawa Unifier and Unifier Cast (Unifier 5.0+ and Unifier Cast 5.0+, up to before v5.10.6; unpatched versions). Root cause: Incorrect default permissions (Cast Launcher CWE-276) enabling arbitrary code execution with LocalSystem privileges. Impact: potential ins...

JVN#17680667: Multiple vulnerabilities in Unifier and Unifier Cast

Unifier and Unifier Cast provided by Yokogawa Rental ＆ Lease Corporation contains multiple vulnerabilities listed below. Incorrect Default Permissions configured by Cast Launcher CWE-276 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8 CVE-2024-23847 Missing Authorization for coejobhoo...

Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path

Exploit Title: Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path Date: 2024-04-2 Exploit Author: Saud Alenazi Vendor Homepage: https://www.rapid7.com/ Software Link: https://www.rapid7.com/products/nexpose/ Version: 6.6.240 Tested: Windows 10 x64 Step to discover Unquoted Service Path:...

Rapid7 nexpose - (nexposeconsole) Unquoted Service Path Vulnerability

Exploit Title: Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path Exploit Author: Saud Alenazi Vendor Homepage: https://www.rapid7.com/ Software Link: https://www.rapid7.com/products/nexpose/ Version: 6.6.240 Tested: Windows 10 x64 Step to discover Unquoted Service Path: C:\Users\saudhwmic...

CVE-2023-50702

Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem but allows full control by low-privileged users and low-privileged users have write access to %PROGRAMDATA%\SSCService. Consequently, low-privileged users can execute arbitrary code as LocalSystem...

SikkaSoft Platform Utility 安全漏洞

SikkaSoft Platform Utility is a cloud platform from SikkaSoft, Inc. A security vulnerability exists in SikkaSoft Platform Utility version 5 2023-09-14 that originates from allowing a low-privileged user to execute arbitrary code with LocalSystem privileges...

CVE-2023-50702

Sikka SSCWindowsService 5 2023-09-14 executes a program as LocalSystem but allows full control by low-privileged users and low-privileged users have write access to %PROGRAMDATA%\SSCService. Consequently, low-privileged users can execute arbitrary code as LocalSystem...

CVE-2023-50702

The CVE-2023-50702 entry concerns Sikka SSCWindowsService v5 (2023-09-14). It describes a flaw where the service runs a program as LocalSystem but grants write permissions to %PROGRAMDATA%\SSCService for low-privilege users, enabling them to execute arbitrary code with LocalSystem privileges. Con...

S4UTomato - Escalate Service Account To LocalSystem Via Kerberos

Escalate Service Account To LocalSystem via Kerberos. Traditional Potatoes Friends familiar with the "Potato" series of privilege escalation should know that it can elevate service account privileges to local system privileges. The early exploitation techniques of "Potato" are almost identical:...

Kingo ROOT 1.5.8 Unquoted Service Path

Exploit Title: Kingo ROOT 1.5.8 - Unquoted Service Path Date: 8/22/2023 Exploit Author: Anish Feroz ZEROXINN Vendor Homepage: https://www.kingoapp.com/ Software Link: https://www.kingoapp.com/android-root/download.htm Version: 1.5.8.3353 Tested on: Windows 10 Pro -------------Discovering Unquoted...

Kingo ROOT 1.5.8 - Unquoted Service Path Vulnerability

Exploit Title: Kingo ROOT 1.5.8 - Unquoted Service Path Exploit Author: Anish Feroz ZEROXINN Vendor Homepage: https://www.kingoapp.com/ Software Link: https://www.kingoapp.com/android-root/download.htm Version: 1.5.8.3353 Tested on: Windows 10 Pro -------------Discovering Unquoted...