91 matches found
CVE-2023-45883
A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM...
PT-2023-29744 · Qumu · Qumu Multicast Extension V2
Name of the Vulnerable Software and Affected Versions: Qumu Multicast Extension v2 versions prior to 2.0.63 Description: A privilege escalation issue exists within the Qumu Multicast Extension v2 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTE...
Vidyo Qumu Multicast Extension Security Vulnerability
Vidyo Qumu Multicast Extension is a multicast extension from Vidyo USA. A security vulnerability exists in Vidyo Qumu Multicast Extension version 2.0.63, which originates from a pop-up window that opens with system privileges when a software fix is triggered by a standard user...
PT-2023-7092 · Lenovo +1 · Lenovo Preloaded Devices +1
Name of the Vulnerable Software and Affected Versions: Lenovo preloaded devices affected versions not specified Description: A privilege escalation issue was reported due to incorrect default privileges in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account...
Citrix Secure Access < 23.5.1.3 Privilege Escalation (CTX561480)
A privilege escalation vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT...
CVE-2023-32232
An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.836. During client installation and repair, a PrinterLogic binary is called by the installer to configure the device. This window is not hidden, and is running with elevated privileges. A standard user can break out o...
CVE-2023-24491
A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM...
Citrix Systems Secure Access 安全漏洞
Citrix Systems Secure Access is a secure access solution from Citrix Systems, Inc. A security vulnerability exists in Citrix Systems Secure Access versions prior to 23.5.1.3 that originates from the installation of a standard user account access endpoint from a vulnerable client that can escalate...
CVE-2022-48222
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full...
CVE-2022-48221
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Multiple MSI's get executed out of a standard-user writable directory. Through a race condition and OpLock manipulation, these files can be overwritten by a standard user. They then get executed by the elevated installer. This give...
CVE-2022-48221
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Multiple MSI's get executed out of a standard-user writable directory. Through a race condition and OpLock manipulation, these files can be overwritten by a standard user. They then get executed by the elevated installer. This give...
Race condition
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Multiple MSI's get executed out of a standard-user writable directory. Through a race condition and OpLock manipulation, these files can be overwritten by a standard user. They then get executed by the elevated installer. This give...
Acuant AcuFill SDK 竞争条件问题漏洞
Acuant AcuFill SDK is a data capture technology from the American company Acuant. All major data fields can be extracted from a document. A security vulnerability exists in Acuant AcuFill SDK that originates from multiple MSIs executing from a standard user writable directory. These files can be...
PT-2023-15618 · Acuant · Acuant Acufill Sdk
Name of the Vulnerable Software and Affected Versions: Acuant AcuFill SDK versions prior to 10.22.02.03 Description: The issue allows a standard user to elevate privileges to full SYSTEM code execution. This is achieved through a race condition and OpLock manipulation, enabling a standard user to...
PT-2023-15623 · Acuant · Acuant Acufill Sdk
Name of the Vulnerable Software and Affected Versions: Acuant AcuFill SDK versions prior to 10.22.02.03 Description: An issue was discovered in the Acuant AcuFill SDK. During installation, an executable file gets executed out of the C:WindowsTemp directory. A standard user can create the path fil...
CVE-2022-48221
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Multiple MSI's get executed out of a standard-user writable directory. Through a race condition and OpLock manipulation, these files can be overwritten by a standard user. They then get executed by the elevated installer. This give...
Citrix Workspace App 安全漏洞
Citrix Systems Citrix Workspace App formerly known as Receiver is an application used to provide secure access to applications, desktops, and data from Citrix Systems, Inc. A security vulnerability exists in the Citrix Workspace App that originates from allowing a standard user to perform...
CVE-2023-25011
PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22.0 and earlier allows a attacker to write to the registry as administrator privileges with standard user privileges...
CVE-2023-25011
PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22.0 and earlier allows a attacker to write to the registry as administrator privileges with standard user privileges...
CVE-2021-42851
A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account...