Lucene search
K

189 matches found

Cvelist
Cvelist
added 2021/12/28 7:18 p.m.19 views

CVE-2020-22057

The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA Precision XOC version v6.2.7 were discovered to be configured with the default security descriptor which allows attackers to access sensitive components and data...

9.3AI score0.01052EPSS
Exploits0References1
Veracode
Veracode
added 2021/02/07 10:35 p.m.37 views

Remote Code Execution (RCE)

mariadb is vulnerable to remote code execution. The vulnerability exist due to an incorrect security descriptor...

7CVSS3AI score0.00421EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2020/12/24 8:15 p.m.29 views

CVE-2020-28912

With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between...

7CVSS7.6AI score
Exploits0References2
OSV
OSV
added 2020/12/24 8:15 p.m.3 views

ALPINE-CVE-2020-28912

With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between...

7CVSS7.5AI score0.00421EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2020/12/24 8:15 p.m.32 views

CVE-2020-28912

With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between...

7CVSS7.2AI score0.00421EPSS
Exploits0References3
CVE
CVE
added 2020/12/24 7:49 p.m.227 views

CVE-2020-28912

CVE-2020-28912 concerns MariaDB running on Windows where local clients connecting via named pipes can be intercepted by an unprivileged user who can then act as a man‑in‑the‑middle. The root cause is an incorrect security descriptor. Affects MariaDB Server before 10.1.48, 10.2.x before 10.2.35, 1...

7CVSS7.1AI score0.00421EPSS
Exploits0References2Affected Software1
MariaDBUnix
MariaDBUnix
added 2020/12/24 7:49 p.m.35 views

CVE-2020-28912

Disclaimer: This data contains information about vulnerable...

7CVSS9.4AI score0.00421EPSS
Exploits0
Debian CVE
Debian CVE
added 2020/12/24 7:49 p.m.51 views

CVE-2020-28912

With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between...

7CVSS8.2AI score0.00421EPSS
Exploits0
Cvelist
Cvelist
added 2020/12/24 7:49 p.m.66 views

CVE-2020-28912

With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between...

7.2AI score0.00421EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2020/12/24 7:49 p.m.53 views

CVE-2020-28912

With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between...

7CVSS7.3AI score0.00421EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2020/11/18 10:27 p.m.48 views

CVE-2020-28912

With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between...

7.3CVSS2.5AI score0.02487EPSS
Exploits0References3
Metasploit
Metasploit
added 2020/09/30 5:41 p.m.1076 views

Windows Secrets Dump

Dumps SAM hashes and LSA secrets including cached creds from the remote Windows target without executing any agent locally. This is done by remotely updating the registry key security descriptor, taking advantage of the WriteDACL privileges held by local administrators to set temporary read...

7.3AI score
Exploits0
ossfuzz
ossfuzz
added 2020/07/22 3:33 p.m.15 views

libyal:libfwnt_security_descriptor_fuzzer: Heap-buffer-overflow in libfwnt_access_control_entry_copy_from_byte_stream

Detailed Report: https://oss-fuzz.com/testcase?key=6301962723917824 Project: libyal Fuzzing Engine: libFuzzer Fuzz Target: libfwntsecuritydescriptorfuzzer Job Type: libfuzzerasani386libyal Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0xf5100b13 Crash State:...

6.8AI score
Exploits0Affected Software1
Microsoft KB
Microsoft KB
added 2020/04/10 12:0 a.m.6 views

"Code 0x80070057 The parameter is incorrect" error when you try to display a user's "effective access" to a file

"Code 0x80070057 The parameter is incorrect" error when you try to display a user's "effective access" to a file This article describes an issue that occurs when you try to display a user's "effective access" to a file in Windows 8.1, Windows Server 2012 R2, Windows 8, or Windows Server 2012. You...

6.2AI score
Exploits0
0day.today
0day.today
added 2019/09/16 12:0 a.m.182 views

AppXSvc - Privilege Escalation Vulnerability

----------------------------------------------------------------------------- Exploit Title: AppXSvc - Arbitrary File Security Descriptor Overwrite EoP Exploit Author: Gabor Seljan Vendor Homepage: https://www.microsoft.com/ Version: 17763.1.amd64fre.rs5release.180914-1434 Tested on: Windows 10...

7.8CVSS0.9AI score0.414EPSS
Exploits21
exploitpack
exploitpack
added 2019/09/16 12:0 a.m.91 views

AppXSvc - Privilege Escalation

AppXSvc - Privilege Escalation ----------------------------------------------------------------------------- Exploit Title: AppXSvc - Arbitrary File Security Descriptor Overwrite EoP Date: Sep 4 2019 Exploit Author: Gabor Seljan Vendor Homepage: https://www.microsoft.com/ Version:...

7.2CVSS0.6AI score0.414EPSS
Exploits21
Exploit DB
Exploit DB
added 2019/09/16 12:0 a.m.544 views

AppXSvc - Privilege Escalation

----------------------------------------------------------------------------- Exploit Title: AppXSvc - Arbitrary File Security Descriptor Overwrite EoP Date: Sep 4 2019 Exploit Author: Gabor Seljan Vendor Homepage: https://www.microsoft.com/ Version: 17763.1.amd64fre.rs5release.180914-1434 Tested...

7.8CVSS7.1AI score0.414EPSS
Exploits21
BDU FSTEC
BDU FSTEC
added 2019/07/18 12:0 a.m.21 views

The vulnerability of the Sn5Crypto.sys driver of the Secret Net Studio security system, which allows a hacker to trigger a service failure.

The vulnerability of the Sn5Crypto.sys driver of the Secret Net Studio security system is related to errors in processing the SECURITYDESCRIPTOR structure. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.9CVSS5.5AI score
Exploits0Affected Software1
exploitpack
exploitpack
added 2019/06/24 12:0 a.m.30 views

Microsoft Windows - CmpAddRemoveContainerToCLFSLog Arbitrary FileDirectory Creation

Microsoft Windows - CmpAddRemoveContainerToCLFSLog Arbitrary FileDirectory Creation Windows: CmpAddRemoveContainerToCLFSLog Arbitrary File/Directory Creation EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: Use...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/05/23 12:0 a.m.121 views

Microsoft Windows 10 1809 - 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation

Windows: CmKeyBodyRemapToVirtualForEnum Arbitrary Key Enumeration EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The kernel’s Registry Virtualization doesn’t safely open the real key fo...

7.4AI score
Exploits0
Rows per page
Query Builder