29 matches found
CVE-2018-10169
ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "ProtonVPN Service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "Connect" method accepts a...
EUVD-2018-2248
Malware in sbrugna...
EUVD-2018-2718
Malware in sbrugna...
CVE-2019-9486
STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. An attacker can inject...
Privilege escalation
STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. An attacker can inject...
CVE-2019-9486
STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. An attacker can inject...
CVE-2019-9486
STRATO HiDrive Desktop Client 5.0.1.0 for Windows is affected by a SYSTEM privilege-escalation vulnerability via the HiDriveMaintenanceService, which exposes a NetNamedPipe endpoint and allows code injection through insecure interprocess communication. The issue also affects Telekom MagentaCLOUD ...
Golden Frog VyprVPN for Windows Privilege Exploit
Golden Frog VyprVPN for Windows is a suite of VPN software for the Windows platform. A privilege extraction vulnerability exists in Golden Frog VyprVPN version 2.12.1.8015 for Windows-based platforms, which originates when the VyprVPN service creates a NetNamedPipe endpoint that allows an install...
CyberGhost for Windows Privilege Exploit
CyberGhost for Windows is a Windows-based VPN software. A power lifting vulnerability exists in CyberGhost version 6.5.0.3180 for Windows-based platforms, which stems from a NetNamedPipe endpoint created by the CG6Service service that allows installed applications to connect and invoke publicly...
CVE-2018-10646
CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "CG6Service" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "ConnectToVpnServer" method...
Privilege escalation
Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. The "SetProperty" method allows an attacker t...
Privilege escalation
CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "CG6Service" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "ConnectToVpnServer" method...
CVE-2018-10645
Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. The "SetProperty" method allows an attacker t...
CVE-2018-10645
CVE-2018-10645 affects Golden Frog VyprVPN 2.12.1.8015 for Windows. The VyprVPN service exposes a NetNamedPipe endpoint; its SetProperty method allows configuring AdditionalOpenVpnParameters and OpenVPN command line, enabling a dynamic library plugin via the OpenVPN plugin parameter to run code u...
CVE-2018-10645
Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "VyprVPN" service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. The "SetProperty" method allows an attacker t...
CVE-2018-10646
CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "CG6Service" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "ConnectToVpnServer" method...
CVE-2018-10646
CyberGhost 6.5.0.3180 for Windows contains a SYSTEM privilege-escalation in the CG6Service via a NetNamedPipe endpoint. The ConnectToVpnServer method accepts a connectionParams argument that can specify a dynamic library plugin to run on every VPN connection, enabling code execution in the SYSTEM...
Privilege escalation
TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect"...
CVE-2018-10381
TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect"...
ProtonVPN Elevation of Privilege Vulnerability
ProtonVPN for Windows is a free Windows-based VPN software for anonymous access to the Internet. A power lifting vulnerability exists in version 1.3.3 of ProtonVPN for Windows-based platforms, which stems from a NetNamedPipe endpoint created by the 'ProtonVPN Service' service that allows arbitrar...