23 matches found
EUVD-2020-5987
Malware in sbrugna...
EUVD-2025-9126
Malicious code in bioql PyPI...
CVE-2025-0416
Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows...
CVE-2025-0416
Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows...
CVE-2025-0416 Valmet DNA Local privilege escalation through insecure DCOM configuration
Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows...
CVE-2025-0416 Valmet DNA Local privilege escalation through insecure DCOM configuration
Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows...
CVE-2021-3576 Privilege escalation via SeImpersonatePrivilege
Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security...
Exploit for Exposed IOCTL with Insufficient Access Control in Dell Dbutil
CVE-2021-21551 Exploit to SYSTEM for CVE-2021-21551 SpoolPrin...
Microsoft Windows Containers Privilege Escalation Vulnerability
The standard user ContainerUser in a Windows Container has elevated privileges and High integrity level which results in making it administrator equivalent even though it should be a restricted user. Windows Containers: ContainerUser has Elevated Privileges Windows Containers: ContainerUser has...
Microsoft Windows Containers Privilege Escalation
Windows Containers: ContainerUser has Elevated Privileges Windows Containers: ContainerUser has Elevated Privileges Platform: Windows 10 20H2 not tested other versions Class: Elevation of Privilege Security Boundary: User Summary: The standard user ContainerUser in a Windows Container has elevate...
CVE-2020-13770
Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the issue can be used to escalate privileges from a local standard or service account having...
CVE-2020-13770
Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the issue can be used to escalate privileges from a local standard or service account having...
CVE-2020-13770
Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the issue can be used to escalate privileges from a local standard or service account having...
Windows Net-NTLMv2 Reflection DCOM/RPC Exploit
This Metasploit module utilizes the Net-NTLMv2 reflection between DCOM/RPC to achieve a SYSTEM handle for elevation of privilege. Currently the module does not spawn as SYSTEM, however once achieving a shell, one can easily use incognito to impersonate the token. This module requires Metasploit:...
Microsoft Windows SeImpersonatePrivilege - Local Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28833/info Microsoft Windows is prone to a privilege-escalation vulnerability. Successful exploits may allow authenticated users to elevate their privileges to NetworkService. This allows attackers to execute code with...
CVE-2010-3961
The CVE-2010-3961 entry describes a local privilege-escalation in the Consent UI of Microsoft Windows (Vista SP1/SP2, Windows Server 2008 Gold SP2/R2, and Windows 7). The vulnerability stems from improper handling of an unspecified registry-key value by the Consent UI component, enabling a user w...
Microsoft Windows Consent User Interface Registry Key Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in Consent User Interface. An attacker can exploit this issue to execute arbitrary code with 'LocalSystem' privileges. Successful exploits will result in the complete compromise of affected computers...
Mircosoft Windows Token Kidnapping本地提权漏洞
CNCAN ID:CNCAN-2008101007 Microsoft Windows是一款流行的操作系统。 漏洞是由于在NetworkService或LocalService上下文运行的代码,可以访问同样是在 NetworkService或LocalService上下文下运行的进程,部分进程允许提升特权到LocalSystem。 对于IIS,默认安装是不受影响的,以Full Trust运行的ASP.NET代码受此漏洞影响,如果权限低于Full Trust,也不受此漏洞影响。同样旧Asp代码不受此漏洞影响,只有ASP.NET才受影响。 针对SQL...
MS Windows Token Kidnapping local provide the right solutions-vulnerability warning-the black bar safety net
Today MS updated security Bulletin This vulnerability is due inNetworkService or LocalService the following code running, you can access the same in the NetworkService or LocalService processes that run under that certain processes allow elevation of privileges for theLocalSystem it. For IIS, the...
CVE-2008-1436
Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the 1 NetworkService and 2 LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service...