PT-2022-25146 · Panini · Panini Everest Engine

Name of the Vulnerable Software and Affected Versions: Panini Everest Engine version 2.0.4 Description: The issue allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%Panini folder, leading to privilege escalation. A service running as SYSTEM uses the unquoted path of...

CVE-2022-31262

An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as...

CVE-2022-2145

Cloudflare WARP client for Windows up to v. 2022.5.309.0 allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files...

PT-2022-16245 · Check Point · Zonealarm

Name of the Vulnerable Software and Affected Versions: Check Point ZoneAlarm versions prior to 15.8.200.19118 Description: The issue allows a local actor to escalate privileges during the upgrade process. Additionally, weak permissions in the ProgramDataCheckPointZoneAlarmDataUpdates directory...

Razer Synapse 3 代码问题漏洞

Razer Synapse 3 is an application from Razer USA, Inc. A cloud-based unified hardware configuration tool. A security vulnerability exists in Razer Synapse prior to version 3.7.0228.022817 that stems from the fact that Razer Synapse prior to version 3.7.0228.022817 allows privilege escalation...

CVE-2022-26526

Anaconda Anaconda3 Anaconda Distribution through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse...

Anaconda Anaconda3和Miniconda3 代码问题漏洞

Anaconda3 and Miniconda3 are both products of Anaconda, Inc. of the U.S. Anaconda3 is a distribution of the Python and R programming languages for scientific computing data science, machine learning applications, large-scale data processing, predictive analytics, etc.. Dedicated to simplifying...

Hardcoded credentials

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data...

CVE-2021-1125

CVE-2021-1125 affects NVIDIA GPU and Tegra hardware. A vulnerability in the internal microcontroller could allow a user with elevated privileges (local access, HIGH privileges) to corrupt program data. The public records describe this as a local impact with no user interaction, and the CVSS/metri...

CVE-2021-1125

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data...

CVE-2021-34688

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an...

Hardcoded credentials

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an...

Acronis True Image Access Control Error Vulnerability

Acronis True Image is a famous data backup and restore software from Acronis Singapore. The software can be used to create drive and disk images and can restore the image when a clean system is needed. Acronis True Image version 2021 suffers from an Access Control Error vulnerability that stems...

New Flaws in Top Antivirus Software Could Make Computers More Vulnerable

Cybersecurity researchers today disclosed details of security vulnerabilities found in popular antivirus solutions that could enable attackers to elevate their privileges, thereby helping malware sustain its foothold on the compromised systems. According to a report published by CyberArk research...

OpenText Webroot endpoint agents elevation of privilege vulnerability

OpenText Webroot endpoint agents is an endpoint security protection agent program from OpenText Canada. A security vulnerability exists in versions prior to OpenText Webroot endpoint agents v9.0.28.48, which stems from the program's failure to protect the "%PROGRAMDATA%\WrData\PKG" directory from...

iccpolska.pl Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1161010 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

CVE-2019-13355

In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\ used by ccschedulersvc.exe allows local attackers to hijack dotnetproxy.exe, which leads to privilege escalation when the ccSchedulerSVC service runs the executable...

CVE-2019-13142

The RzSurroundVADStreamingService RzSurroundVADStreamingService.exe in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver. The DACL on this folder allows any user to overwrite contents of files in this folder,...

Information Disclosure

qt is vulnerable to information disclosure attacks. The vulnerability exists as the QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions world-readable and world-writable for shared memory segments, which allows local...

Geist WatchDog Console Insecure File Permission Vulnerability

Geist WatchDog Console is a suite of environmental monitoring software from Geist USA. A security vulnerability exists in Geist WatchDog Console version 3.2.2 that stems from the program's use of weak access control lists for the C:ProgramDataWatchDog Console directory. A local attacker can explo...