EUVD-2019-7627

Malware in sbrugna...

PT-2024-22368 · Corewcf · Corewcf

Name of the Vulnerable Software and Affected Versions: CoreWCF versions prior to 1.4.2 CoreWCF versions prior to 1.5.2 Description: The issue affects NetFraming based CoreWCF services, where extra system resources could be consumed by connections being left established instead of closing or...

Code injection

otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000...

CVE-2021-40376

CVE-2021-40376 affects otris Update Manager 1.2.1.0. The vulnerability allows local users to obtain SYSTEM privileges by sending unauthenticated calls to exposed interfaces via a .NET named pipe. A remote attack may be possible by abusing WsHTTPBinding for HTTP traffic on TCP port 9000. CVSS data...

CVE-2021-40376

otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000...

CVE-2019-17201

FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using the AdminByRequest.exe interface, the interface communicates with the underlying service...

CVE-2019-9486

STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. An attacker can inject...

CVE-2018-10646

CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "CG6Service" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "ConnectToVpnServer" method...

TunnelBear for Windows Elevation of Privilege Vulnerability

TunnelBear for Windows is a Windows-based VPN software for anonymous access to restricted networks. A privilege extraction vulnerability in TunnelBear version 3.2.0.6 for Windows-based platforms stems from a NetNamedPipe endpoint created by the TunnelBearMaintenance service that allows arbitrary...

CVE-2018-10381

TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect"...

NordVPN Elevation of Privilege Vulnerability

NordVPN for Windows is a Windows-based VPN software for anonymous access to the Internet. A lifting vulnerability in version 6.12.7.0 of NordVPN for Windows-based platforms stems from a NetNamedPipe endpoint created by the 'nordvpn-service' service that allows arbitrary installed applications to...

CVE-2018-10170

NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "nordvpn-service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "Connect" method accepts a...