CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

69 matches found

OSV•added 2016/07/13 1:59 a.m.•1 views

CVE-2016-3258

Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Low Integrity protection mechanism and write to files by leveraging unspecified object-manager features, aka "Windows File System...

4.7CVSS5.8AI score

Exploits0References3

Microsoft CVE•added 2016/07/12 7:0 a.m.•37 views

Windows File System Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in the Windows kernel that could allow an attacker to exploit time of check time of use TOCTOU issues in file path-based checks from a low-integrity application. An attacker who successfully exploited this vulnerability could potentially modify files...

6.3CVSS2.8AI score0.00926EPSS

Exploits0

Exploit DB•added 2016/06/21 12:0 a.m.•33 views

Microsoft Windows - Custom Font Disable Policy Bypass

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=779 Windows: Custom Font Disable Policy Bypass Platform: Windows 10 Only Class: Security Feature Bypass Summary: It’s possible to bypass the ProcessFontDisablePolicy check in win32k to load a custom font from an arbitrary file on...

7.4AI score

Exploits0

GoogleProjectZero•added 2015/10/15 12:0 a.m.•18 views

Windows Drivers are True’ly Tricky

Posted by James Forshaw, Driving for Bugs Auditing a product for security vulnerabilities can be a difficult challenge, and there’s no guarantee you’ll catch all vulnerabilities even when you do. This post describes an issue I identified in the Windows Driver code for Truecrypt, which has already...

7.2AI score

Exploits0

GoogleProjectZero•added 2015/08/25 12:0 a.m.•51 views

Windows 10^H^H Symbolic Link Mitigations

Posted by James Forshaw, abusing symbolic links like it’s 1999. For the past couple of years I’ve been researching Windows elevation of privilege attacks. This might be escaping sandboxing or gaining system privileges. One of the techniques I’ve used multiple times is abusing the symbolic link...

10CVSS7.6AI score0.12974EPSS

Exploits0

NVD•added 2015/08/15 12:59 a.m.•20 views

CVE-2015-2428

Object Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels during interaction with object symbolic links that originated in ...

2.1CVSS6.3AI score0.01777EPSS

Exploits0References2

Prion•added 2015/08/15 12:59 a.m.•19 views

Privilege escalation

2.1CVSS6.6AI score0.01777EPSS

Exploits0References2Affected Software4

Cvelist•added 2015/08/15 12:0 a.m.•28 views

CVE-2015-2428

6.2AI score0.01777EPSS

Exploits0References2

CVE•added 2015/08/15 12:0 a.m.•77 views

CVE-2015-2428

CVE-2015-2428 affects Windows Object Manager interactions with object symbolic links originated in sandboxed processes, enabling local privilege escalation by failing to constrain impersonation levels. The issue arises when a sandboxed process creates an Object Manager symbolic link; the kernel a...

2.1CVSS6.4AI score0.01777EPSS

Exploits0References2Affected Software8

CNVD•added 2015/08/14 12:0 a.m.•1 views

Microsoft Windows Object Manager Local Elevation of Privilege Vulnerability

Microsoft Windows is a series of operating systems released by Microsoft.Object Manager is one of the object managers. An elevation of privilege vulnerability exists in Windows Object Manager, which can be exploited by an attacker to bypass emulation layer security checks and elevate privileges...

2.1CVSS7.1AI score0.01777EPSS

Exploits0References1

Tenable Nessus•added 2015/08/11 12:0 a.m.•36 views

MS15-090: Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3060716)

The remote Windows host is affected by multiple elevation of privilege vulnerabilities in Windows Object Manager : - A flaw exists in Windows Object Manager due to a failure to properly validate and enforce impersonation levels. A remote, authenticated attacker can exploit this vulnerability, via...

9.3CVSS5.6AI score0.07161EPSS

Exploits0References4

Symantec•added 2015/08/11 12:0 a.m.•42 views

Microsoft Windows Object Manager CVE-2015-2428 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges and execute arbitrary code by exploiting another vulnerability in the application. Successful exploits may lead to other attacks. Technologies...

2.1CVSS1.6AI score0.01777EPSS

Exploits0Affected Software5

NVD•added 2014/07/17 11:17 a.m.•13 views

CVE-2014-4250

Unspecified vulnerability in the Siebel Core - Server OM Frwks component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Object Manager...

3.5CVSS5.2AI score0.0164EPSS

Exploits0References7

Prion•added 2014/07/17 11:17 a.m.•12 views

Design/Logic Flaw

3.5CVSS5.6AI score0.0164EPSS

Exploits0References7Affected Software1

Cvelist•added 2014/07/17 10:0 a.m.•19 views

CVE-2014-4250

5.2AI score0.0164EPSS

Exploits0References7

NVD•added 2014/03/11 7:37 p.m.•23 views

CVE-2013-4196

The object manager implementation objectmanager.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request...

5CVSS6AI score0.01369EPSS

Exploits0References4

Prion•added 2014/03/11 7:37 p.m.•12 views

Information disclosure

5CVSS6.6AI score0.01369EPSS

Exploits0References4Affected Software1