33 matches found
CVE-2026-54777 CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance
CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF NetNamedPipe transport accepts attachment to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic when an attacker races NamedPipeListen...
CVE-2026-54777 CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance
CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF NetNamedPipe transport accepts attachment to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic when an attacker races NamedPipeListen...
GHSA-6JJ2-4Q5C-X8G6 CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance
Impact CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic. NetNamedPipe creates a shared memory object based on the listening url, then generated a unique GUID for the named pipe it will be using and saves this ...
PT-2026-51074
Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description The NetNamedPipe transport in CoreWCF allows local interception of traffic. This occurs because the transport accepts attachments to pre-existing named pipe instances...
CVE-2018-10169
ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "ProtonVPN Service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "Connect" method accepts a...
EUVD-2018-2718
Malware in sbrugna...
EUVD-2018-2248
Malware in sbrugna...
CVE-2019-9486
STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. An attacker can inject...
Privilege escalation
STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. An attacker can inject...
CVE-2019-9486
STRATO HiDrive Desktop Client 5.0.1.0 for Windows is affected by a SYSTEM privilege-escalation vulnerability via the HiDriveMaintenanceService, which exposes a NetNamedPipe endpoint and allows code injection through insecure interprocess communication. The issue also affects Telekom MagentaCLOUD ...
CVE-2019-9486
STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. An attacker can inject...
CyberGhost for Windows Privilege Exploit
CyberGhost for Windows is a Windows-based VPN software. A power lifting vulnerability exists in CyberGhost version 6.5.0.3180 for Windows-based platforms, which stems from a NetNamedPipe endpoint created by the CG6Service service that allows installed applications to connect and invoke publicly...
Golden Frog VyprVPN for Windows Privilege Exploit
Golden Frog VyprVPN for Windows is a suite of VPN software for the Windows platform. A privilege extraction vulnerability exists in Golden Frog VyprVPN version 2.12.1.8015 for Windows-based platforms, which originates when the VyprVPN service creates a NetNamedPipe endpoint that allows an install...
Privilege escalation
CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "CG6Service" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "ConnectToVpnServer" method...
CVE-2018-10646
CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "CG6Service" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "ConnectToVpnServer" method...
Privilege escalation
Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. The "SetProperty" method allows an attacker t...
CVE-2018-10645
Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. The "SetProperty" method allows an attacker t...
CVE-2018-10645
Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. The "SetProperty" method allows an attacker t...
CVE-2018-10646
CyberGhost 6.5.0.3180 for Windows contains a SYSTEM privilege-escalation in the CG6Service via a NetNamedPipe endpoint. The ConnectToVpnServer method accepts a connectionParams argument that can specify a dynamic library plugin to run on every VPN connection, enabling code execution in the SYSTEM...
CVE-2018-10645
CVE-2018-10645 affects Golden Frog VyprVPN 2.12.1.8015 for Windows. The VyprVPN service exposes a NetNamedPipe endpoint; its SetProperty method allows configuring AdditionalOpenVpnParameters and OpenVPN command line, enabling a dynamic library plugin via the OpenVPN plugin parameter to run code u...