NoMachine 5.3.26 Remote Code Execution

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NOMACHINE-TROJAN-FILE-REMOTE-CODE-EXECUTION.txt + ISR: ApparitionSec Greetz: Greetz: indoushka | Eduardo Vendor www.nomachine.com Product NoMachine / hyp3rlinx / / gcc -c -m32...

NoMachine 5.3.26 Remote Code Execution Exploit

NoMachine versions 5.3.26 and below suffer from a remote code execution vulnerability when opening a malicious .nxs file. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NOMACHINE-TROJAN-FILE-REMOTE-CODE-EXECUTION.txt...

Unspecified Vulnerability in NoMachine App for Android

NoMachine App for Android is a remote desktop application for the Android platform from NoMachine Luxembourg. A security vulnerability exists in NoMachine App for Android. An attacker can exploit the vulnerability to modify environment variables...

CVE-2018-0664

A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors...

CVE-2018-0664

A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors...

Design/Logic Flaw

A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors...

CVE-2018-0664

NoMachine App for Android contains an information alteration vulnerability that allows a remote attacker to modify environment variables, potentially leading to arbitrary code execution. Affected versions are NoMachine App for Android 5.0.63 and earlier; JVN notes the issue affects Android up to ...

CVE-2018-0664

A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors...

NoMachine App for Android vulnerable to environment variables alteration

Overview NoMachine App for Android contains an information alteration vulnerability. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A remote attacker may alte...

JVN#14451678: NoMachine App for Android vulnerable to environment variables alteration

NoMachine App for Android contains an information alteration vulnerability. Impact A remote attacker may alter environemt variables of the NoMachine App. As a result, arbitrary code may be executed. Solution Update the Software Update to the latest version of software according to the information...

nomachine.com XSS vulnerability

Open Bug Bounty ID: OBB-623580 Description| Value ---|--- Affected Website:| nomachine.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

The vulnerability of the nxfuse component in the DokanFS library of the NoMachine remote desktop access system allows a attacker to cause a service failure or increase their privileges.

The vulnerability of the nxfuse component in the DokanFS library of the NoMachine remote desktop access system is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges when operating software under the Windows 7 operating system o...

NoMachine 'nxfuse' elevation of privilege vulnerability

NoMachine is a remote desktop access tool from NoMachine Luxembourg. open Source DokanFS library is one of the open source file system libraries. nxfuse is one of the components that can expose NX data as a file system. A security vulnerability exists in the nxfuse component of the Open Source...

Code injection

An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.662 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 32 and 64bit, and denial of service for Windows 8 and 10...

CVE-2018-6947

An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.662 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 32 and 64bit, and denial of service for Windows 8 and 10...

CVE-2018-6947

An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.662 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 32 and 64bit, and denial of service for Windows 8 and 10...

CVE-2018-6947

CVE-2018-6947 is an uninitialised stack variable vulnerability in the nxfuse component of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier. It enables local, low-privilege users to gain elevation of privileges on Windows 7 (32/64-bit) and can cause a denial of service o...

NoMachine nxfuse Privilege Escalation

from ctypes import from ctypes.wintypes import import struct import sys import os MEMCOMMIT = 0x00001000 MEMRESERVE = 0x00002000 PAGEEXECUTEREADWRITE = 0x00000040 GENERICREAD = 0x80000000 GENERICWRITE = 0x40000000 OPENEXISTING = 0x3 STATUSINVALIDHANDLE = 0xC0000008 shellcodelen = 90 s = aa s +=...

NoMachine 6.0.80 (x86) - nxfuse Privilege Escalation

NoMachine 6.0.80 x86 - nxfuse Privilege Escalation...

NoMachine 6.0.80 (x64) - nxfuse Privilege Escalation

NoMachine 6.0.80 x64 - nxfuse Privilege Escalation from ctypes import from ctypes.wintypes import import struct import sys import os MEMCOMMIT = 0x00001000 MEMRESERVE = 0x00002000 PAGEEXECUTEREADWRITE = 0x00000040 GENERICREAD = 0x80000000 GENERICWRITE = 0x40000000 OPENEXISTING = 0x3...