548 matches found
CVE-2007-0436
The CVE-2007-0436 entry concerns Barron McCann X-Kryptor Driver BMS1446HRR used by X-Kryptor Secure Client. The vulnerability arises because the driver does not drop privileges when launching an Explorer window in response to a help command, enabling a local user to gain LocalSystem privileges vi...
SSC DiskAccess NFS Client - DAPCNFSD.dll Remote Stack Buffer Overflow
// source: https://www.securityfocus.com/bid/22301/info Shaffer Solutions Corp DiskAccess is prone to a stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it in...
SSC DiskAccess NFS Client - 'DAPCNFSD.dll' Remote Stack Buffer Overflow
// source: https://www.securityfocus.com/bid/22301/info Shaffer Solutions Corp DiskAccess is prone to a stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. An attacker can exploit this...
ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-006.html January 24, 2007 -- CVE ID: CVE-2007-0444 -- Affected Vendor: Citrix -- Affected Products: Citrix Presentation Server 4.0 Citrix MetaFrame...
ISS PAM.dll ICQ Parser Buffer Overflow
This module exploits a stack buffer overflow in the ISS products that use the iss-pam1.dll ICQ parser (Blackice/RealSecure). Successful exploitation will result in arbitrary code execution as LocalSystem. This exploit only requires 1 UDP packet, which can be both spoofed and sent to a broadcast...
BakBone NetVault 7.1 Local Privilege Escalation Exploit
No description provided by source. // ===== Start UnhideNetVaultServiceWindow.c ====== include stdio.h include windows.h int main void HWND hWnd; char szWindowName = "C:\Program Files\BakBone Software\NetVault\bin\nvstatsmngr.exe"; printf "Finding window %s\n", szWindowName ; hWnd = FindWindow...
CVE-2006-4657
Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying (1) WebProxy.exe or (2) PAVSRV51.EXE...
CVE-2006-3697
Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain...
ntdll.dll buffer overflow via IIS 5.0 WebDAV
Added: 07/18/2006 CVE: CVE-2003-0109 BID: 7116 OSVDB: 4467 Background The dynamic link library ntdll.dll is a core component of the Windows operating system. It is used by many operating system components including the WebDAV component of Microsoft IIS. Problem A buffer overflow in ntdll.dll allo...
Re: The Weakness of Windows Impersonation Model
Hi Brian, I wrote a paper on this subject last year, "Snagging Security Tokens to Elevate Privileges" http://www.databasesecurity.com/dbsec-briefs.htm after Tim Mullen and I thrashed out a few details at Blackhat last year over a few White Russians. The paper discusses the problem in the context of...
Microsoft Windows WebClient service buffer overflow
Buffer overflow on RPC based service allows code execution with LocalSystem privileges...
Symantec Antivirus / Symantec Client Security privilege escalation
With the help subsystem it's possible to execute code with LocalSystem privileges...
Nortel Contivity VPN Client privilege escalation
The file open dialog allows executing a file with LocalSystem privileges...
NAePolicy.txt
Summary: Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 patch 3 http://www.nai.com/ Details: The ePolicy Orchestrator Agent web server which runs on TCP port 8081 by default and serves the McAfee Agent Activity Log can be used to view files that exist on the same...
ContivitySystem.txt
Summary: Privilege escalation in Nortel Contivity VPN Client V0501.030 http://www.nortel.com Details: The Contivity VPN Client is a Windows application that lets you define and store connection information for accessing your corporate network through a Contivity Secure IP Services Gateway. When t...
[Full-disclosure] Privilege escalation in Linksys WLAN Monitor v2.0.
Summary: Privilege escalation in Linksys WLAN Monitor v2.0 http://www.linksys.com/ Details: The Linksys WLAN Monitor service WLSVC that is used to configure settings for various Linksys wireless network cards runs under the context of the LocalSystem account. It is possible to manipulate the...
linksysWLAN20.txt
Summary: Privilege escalation in Linksys WLAN Monitor v2.0 http://www.linksys.com/ Details: The Linksys WLAN Monitor service WLSVC that is used to configure settings for various Linksys wireless network cards runs under the context of the LocalSystem account. It is possible to manipulate the...