241 matches found

CNVD
added 2020/09/01 12:0 a.m. · 1 view

Trend Micro Apex One elevation of privilege vulnerability (CNVD-2020-52195)

Trend Micro Apex One is an endpoint protection solution that offers the broadest range of protection capabilities, including high-accuracy machine learning and advanced ransomware protection. An elevation of privilege vulnerability exists in the logic that controls access to the Misc folder in th...

CVSS 7.8 · AI score 8.9 · EPSS 0.01876
Exploits: 0 · References: 1

Zero Day Initiative
added 2020/06/22 12:0 a.m. · 37 views

(Pwn2Own) Rockwell Automation FactoryTalk View SE Backup Missing Authentication for Critical Function Vulnerability

This vulnerability allows remote attackers to create arbitrary files on affected installations of Rockwell Automation FactoryTalk View SE. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of project backups. The issue results from lack of...

CVSS 7.3 · AI score 1.6 · EPSS 0.29892
Exploits: 4 · References: 1

OSV
added 2020/04/15 4:15 p.m. · 0 views

CVE-2020-8948

The Sierra Wireless Windows Mobile Broadband Driver Packages MBDP before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links. An unprivileged user could leverage this vulnerability to execute arbitrary code with system privileges...

CVSS 7.8 · AI score 7.4 · EPSS 0.00006
Exploits: 0 · References: 2

NVD
added 2020/04/13 7:15 p.m. · 10 views

CVE-2020-10642

In Rockwell Automation RSLinx Classic versions 4.11.00 and prior, an authenticated local attacker could modify a registry key, which could lead to the execution of malicious code using system privileges when opening RSLinx Classic...

CVSS 7.8 · AI score 7.6 · EPSS 0.00007
Exploits: 0 · References: 1

OSV
added 2020/04/02 10:15 p.m. · 1 view

CVE-2020-10515

STARFACE UCC Client before 6.7.1.204 on Windows allows binary planting to execute code with System rights, aka usd-2020-0006...

CVSS 9.8 · AI score 7.5
Exploits: 0 · References: 3

OSV
added 2019/12/23 2:15 a.m. · 2 views

CVE-2019-19929

An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner before 8.0.1 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded by the product...

CVSS 7.8 · AI score 7.6
Exploits: 0 · References: 3

CNVD
added 2019/12/21 12:0 a.m. · 1 view

Beckhoff TwinCAT Elevation of Privilege Vulnerability

Beckhoff TwinCAT is a suite of programming software for Programmable Logic Controllers (PLCs) from Beckhoff in Germany. A security vulnerability exists in Beckhoff TwinCAT version 2/3. The vulnerability can be exploited to execute code with SYSTEM privileges using the Beckhoff ADS protocol...

CVSS 9.8 · AI score 7.3 · EPSS 0.05877
Exploits: 1 · References: 1

CNVD
added 2019/12/17 12:0 a.m. · 2 views

Unspecified Vulnerability in Tecno Camon iClick 2

The Transn Tecno Camon iClick 2 is a smartphone from the Chinese company Transn. An unspecified vulnerability exists in Tecno Camon iClick 2. The vulnerability can be exploited to execute code or commands with system privileges to record the screen, restore factory settings, obtain user's Wi-Fi...

CVSS 7.8 · AI score 7.4 · EPSS 0.00136
Exploits: 0 · References: 1

CNVD
added 2018/09/04 12:0 a.m. · 1 view

Argus Surveillance DVR System Elevation of Privilege Vulnerability

Argus Surveillance DVR is a video playback tool. A system elevation of privilege vulnerability exists in the Argus Surveillance DVR 4.0.0.0 device, where placement of a trojan file DLL named "gsmcodec.dll" in the Argus application directory will result in arbitrary code execution with SYSTEM...

AI score 8.1
Exploits: 0 · References: 1

CVE
added 2018/07/09 6:0 p.m. · 45 views

CVE-2018-6852

Vulnerability: Local Privilege Escalation in Sophos SafeGuard Enterprise (pre-8.00.5), SafeGuard Easy (pre-7.00.3), and SafeGuard LAN Crypt (pre-3.95.2). Root cause: crafted input buffer via IOCTL 0x80202298 allows control of execution to the nt!memset call, enabling zeroing of a user‑controlled ...

CVSS 7.8 · AI score 7.7 · EPSS 0.00019
Exploits: 1 · References: 3 · Affected Software: 3

IBM Security Bulletins
added 2018/06/16 10:5 p.m. · 51 views

Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerability (CVE-2017-1000366)

Summary: IBM Security Proventia Network Active Bypass has addressed the following vulnerability: CVE-2017-1000366. Vulnerability Details: CVEID: CVE-2017-1000366. DESCRIPTION: Glibc could allow a local attacker to execute arbitrary code on the system, caused by a vulnerability that allows specially...

CVSS 7.8 · AI score 2.4 · EPSS 0.08874
Exploits: 14 · Affected Software: 1

CNVD
added 2018/05/04 12:0 a.m. · 2 views

CyberGhost for Windows Privilege Exploit

CyberGhost for Windows is a Windows-based VPN client. A privilege escalation vulnerability exists in CyberGhost version 6.5.0.3180 for Windows-based platforms. It stems from a NetNamedPipe endpoint created by the CG6Service service that allows installed applications to connect and invoke publicly...

CVSS 7.8 · AI score 7.3 · EPSS 0.00044
Exploits: 0 · References: 1

CNVD
added 2018/04/17 12:0 a.m. · 1 view

NordVPN Elevation of Privilege Vulnerability

NordVPN for Windows is a Windows-based VPN client for anonymous access to the Internet. A privilege escalation vulnerability in version 6.12.7.0 of NordVPN for Windows-based platforms stems from a NetNamedPipe endpoint created by the 'nordvpn-service' service that allows arbitrary installed applications to...

CVSS 10 · AI score 7.3 · EPSS 0.00583
Exploits: 0 · References: 1

CNVD
added 2018/02/09 12:0 a.m. · 2 views

Quest NetVault Backup checksession authentication bypass vulnerability

Quest NetVault Backup is a scalable data backup and recovery solution for organizations with multiple IT environments. A checksession authentication bypass vulnerability exists in JSON RPC Request handling in Quest NetVault Backup 11.2.0.13. An attacker can exploit this vulnerability to execute...

CVSS 10 · AI score 8 · EPSS 0.43582
Exploits: 0 · References: 1

OSV
added 2017/01/06 9:59 p.m. · 0 views

CVE-2016-4288

A local privilege escalation vulnerability exists in BlueStacks App Player. The BlueStacks App Player installer creates a registry key with weak permissions that allows users to execute arbitrary programs with SYSTEM privileges...

CVSS 8.4 · AI score 6 · EPSS 0.00054
Exploits: 1 · References: 2

CNVD
added 2016/08/19 12:0 a.m. · 0 views

AVG Internet Security avgtdix.sys Elevation of Privilege Vulnerability

AVG Internet Security is anti-virus protection software. AVG Internet Security contains a local elevation of privilege vulnerability in the handling of the 0x534a600c IOCTL within the avgtdix driver and the 0x53606148 IOCTL within the avgidsdriverx driver. An attacker can exploit this...

AI score 7.8
Exploits: 0 · References: 1

CNVD
added 2016/02/24 12:0 a.m. · 2 views

IBM Tivoli Storage Manager FastBack stack buffer overflow vulnerability (CNVD-2016-01273)

IBM Tivoli Storage Manager FastBack is a suite of software from IBM USA that provides continuous data protection and recovery management capabilities for Microsoft Windows and Linux servers. A stack buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack that originates from t...

CVSS 10 · AI score 7.9 · EPSS 0.03235
Exploits: 0 · References: 1

CNVD
added 2015/08/19 12:0 a.m. · 1 view

Apple iOS IOKit integer overflow vulnerability (CNVD-2015-05563)

Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. An integer overflow vulnerability exists in Apple iOS IOKit, which allows applications to exploit the vulnerability to execute arbitrary code in the system context...

CVSS 9.3 · AI score 7.8 · EPSS 0.0101
Exploits: 0 · References: 1

Positive Technologies
added 2010/08/11 12:0 a.m. · 1 view

PT-2010-4103 · Microsoft · Windows Vista +3

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Vista versions SP1 through SP2; Microsoft Windows Server 2008 versions Gold through SP2 and R2; Microsoft Windows 7 (affected versions not specified). Description: The issue arises from the Tracing Feature for Services not proper...

CVSS 6.8 · AI score 7.1 · EPSS 0.00438
Exploits: 0 · References: 6

exploitpack
added 2003/05/06 12:0 a.m. · 16 views

FloosieTek FTGate PRO 1.22 - SMTP RCPT TO Buffer Overflow

Source: https://www.securityfocus.com/bid/7508/info

A buffer overflow vulnerability has been reported for Floosietek FTGate PRO mail server. The vulnerability exists when the mail server attempts to process overly long SMTP 'Rcpt To'...

AI score 0.6
Exploits: 0