CVE-2021-35312

CVE-2021-35312 affects CIR 2000 / Gestionale Amica Prodigy v1.7. The vulnerability stems from incorrect permissions on RemoteBackup.Service.exe, allowing a local unprivileged user to replace the executable and execute code with LocalSystem privileges (privilege escalation). Public documents (Expl...

Gestionale Amica Prodigy 授权问题漏洞

Gestionaleamica Gestionale Amica Prodigy is an application from Gestionaleamica. a cloud backup service that ensures accounting security. Gestionale Amica Prodigy suffers from an authorization issue vulnerability that stems from the product not adding the correct permissions to...

Amica Prodigy 1.7 Privilege Escalation

Exploit Title: Amica Prodigy 1.7 - Privilege Escalation Date: 2021-08-06 Exploit Author: Andrea Intilangelo Vendor Homepage: https://gestionaleamica.com - https://www.bisanziosoftware.com Software Link: https://gestionaleamica.com/Download/AmicaProdigySetup.exe Version: 1.7 Tested on: Windows 10...

CVE-2021-34110

WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with "LocalSystem" privileges...

Code injection

WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with "LocalSystem" privileges...

CVE-2021-34110

WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with "LocalSystem" privileges...

PT-2021-20384 · Unknown · Winwaste.Net

Name of the Vulnerable Software and Affected Versions: WinWaste.NET version 1.0.6183.16475 Description: The issue allows a local unprivileged user to replace the executable with a malicious file that will be executed with "LocalSystem" privileges due to incorrect permissions. Recommendations: For...

WinWaste.NET 1.0.6183.16475 Local Privilege Escalation

Exploit Title: WinWaste.NET - Privilege Escalation due Incorrect Access Control Date: 2021-07-01 Author: Andrea Intilangelo Vendor Homepage: http://nica.it - http://winwastenet.com Version: 1.0.6183.16475 Tested on: Windows 10 Pro x64 - 20H2 and 21H1 CVE: CVE-2021-34110 WinWaste.NET version...

WinWaste.NET 1.0.6183.16475 Local Privilege Escalation Vulnerability

WinWaste.NET version 1.0.6183.16475 allows a local unprivileged user to replace the executable with a malicious file that will be executed with LocalSystem privileges. Exploit Title: WinWaste.NET - Privilege Escalation due Incorrect Access Control Author: Andrea Intilangelo Vendor Homepage:...

Brother BRPrint Auditor 3.0.7 Unquoted Service Path

Exploit Title: Brother BRPrint Auditor 3.0.7 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 14-06-2021 Vendor Homepage: https://support.brother.com/ Software Links:...

Veyon 4.4.1 Unquoted Service Path

Exploit Title: Veyon 4.4.1 - 'VeyonService' Unquoted Service Path Discovery by: Víctor García Discovery Date: 2020-03-23 Vendor Homepage: https://veyon.io/ Software Link: https://github.com/veyon/veyon/releases/download/v4.4.1/veyon-4.4.1.0-win64-setup.exe Tested Version: 4.4.1 Vulnerability Type...

ActivIdentity 8.2 - (ac.sharedstore) Unquoted Service Path Vulnerability

Exploit Title: ActivIdentity 8.2 - 'ac.sharedstore' Unquoted Service Path Exploit Author : SamAlucard Software Version : ActivIdentity 8.2 Vendor Homepage : https://www.hidglobal.com/ Tested on OS: Windows 7 Pro ActivIdentity was Acquired by HID Global in Octuber 2010 ActivClient is a desktop...

ELAN Touchpad 15.2.13.1_X64_WHQL - 'ETDService' Unquoted Service Path

Exploit Title: ELAN Touchpad 15.2.13.1X64WHQL - 'ETDService' Unquoted Service Path Exploit Author : SamAlucard Exploit Date: 2021-03-22 Vendor : ELAN Microelectronics Version : ELAN Touchpad 15.2.13.1X64WHQL Vendor Homepage : http://www.emc.com.tw/ Tested on OS: Windows 8 This software installs...

SAPSetup Automatic Workstation Update Service 750 Unquoted Service Path

Exploit Title: SAPSetup Automatic Workstation Update Service 750 - 'NWSAPAutoWorkstationUpdateSvc' Unquoted Service Path Discovery by: Alan Mondragon Discovery Date: 2021-03-16 Vendor Homepage: https://help.sap.com/ Software Links : https://help.sap.com/ SAP Tested Version: 750 Final Release...

QNAP QVR Client 5.0.0.13230 Unquoted Service Path

Exploit Title: QNAP QVR Client 5.0.0.13230 - 'QVRService' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2021-03-14 Vendor Homepage: https://www.qnap.com Tested Version: 5.0.0.13230 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es Step to discover...

Pingzapper 2.3.1 Unquoted Service Path

Exploit Title: Pingzapper 2.3.1 - 'PingzapperSvc' Unquoted Service Path Discovery by: Brian Rodriguez Date: 07-03-2021 Vendor Homepage: https://pingzapper.com Software Links: https://pingzapper.com/download Tested Version: 2.3.1 Vulnerability Type: Unquoted Service Path Tested on: Windows 8.1 Pro...

Learn How to Manage and Secure Active Directory Service Accounts

There are many different types of accounts in a typical Active Directory environment. These include user accounts, computer accounts, and a particular type of account called a service account. A service account is a special type of account that serves a specific purpose for services, and...

Serv-U FTP Server < 15.2.2 Hotfix 1 Arbitrary File Read/Write

In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files that include users' password hashes that is world readable and writable. An unprivileged Windows user having access to the server's filesystem can add an FTP user by copying a valid profile file to thi...

SolarWinds Orion Platform < 2019.4.2 Remote Code Execution

The Collector Service in SolarWinds Orion Platform before 2019.4.2 uses MSMQ Microsoft Message Queue and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon...

Design/Logic Flaw

In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files that include users' password hashes that is world readable and writable. An unprivileged Windows user having access to the server's filesystem can add an FTP user by copying a valid profile file to thi...