832 matches found
Design/Logic Flaw
A vulnerability in the exacqVision Enterprise System Manager ESM v5.12.2 application whereby unauthorized privilege escalation can potentially be achieved. This vulnerability impacts exacqVision ESM v5.12.2 and all prior versions of ESM running on a Windows operating system. This issue does not...
CVE-2019-7588 exacqVision Enterprise System Manager (ESM) privilege escalation
A vulnerability in the exacqVision Enterprise System Manager ESM v5.12.2 application whereby unauthorized privilege escalation can potentially be achieved. This vulnerability impacts exacqVision ESM v5.12.2 and all prior versions of ESM running on a Windows operating system. This issue does not...
Firefox and Edge Fall to Hackers on Day Two of Pwn2Own
Hackers took down the Mozilla Firefox and Microsoft Edge browsers on Thursday at Pwn2Own, the annual hacking conference held in tandem with CanSecWest, as the competition continued for a second day. The dynamic hacking duo of Amat Cama and Richard Zhu, which make up team Fluoroacetate, had anothe...
MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - Local Privilege Escalation
Exploit Title: MaxxAudio Drivers WavesSysSvc64.exe File Permissions SYSTEM Privilege Escalation Google Dork: Date: 2/18/2019 Exploit Author: Mike Siegel @mlsiegel Vendor Homepage: https://maxx.com Software Link: Version: 1.6.2.0 May affect other versions Tested on: Win 10 64 bit CVE :...
CVE-2019-8917
SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method ma...
exacqVision ESM 5.12.2 Privilege Escalation
Exploit Title: exacqVision ESM 5.12.2 - Privilege Escalation Exploit Author: bzyo Twitter: @bzyo Date: 2019-02-13 Vulnerable Software: http://cdnpublic.exacq.com/5.12/exacqVisionEnterpriseSystemManager5.12.2.150128x86.exe Vendor Homepage: https://www.exacq.com Version: 5.12.2.150128 Tested Window...
CVE-2018-10143
The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application...
Design/Logic Flaw
The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application...
Remote Code Execution in Expedition Migration Tool
A remote code execution vulnerability exists in the Palo Alto Networks Migration Tool “Expedition”. Ref MT-794/ CVE-2018-10143 Successful exploitation of this issue may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application...
Remote Code Execution in Expedition Migration Tool
A remote code execution vulnerability exists in the Palo Alto Networks Migration Tool “Expedition”. Ref MT-794/ CVE-2018-10143 Successful exploitation of this issue may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application...
ELBA5 5.8.0 - Remote Code Execution
Exploit Title: ELBA5 5.8.0 - Remote Code Execution Date: 2018-11-16 Exploit Author: Florian Bogner Vendor Homepage: https://www.elba.at Vulnerable Software: https://www.elba.at/eBusiness/01template1/1206507788612244132-12065155957890496571206515641959948315-1292519691128454196-NA-38-NA.html...
SolarWinds DameWare Mini Remote Control < 12.0.3 Buffer Overflow Vulnerability
SolarWinds DameWare Mini Remote Control is prone to a local buffer overflow vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE ...
CVE-2018-14828
Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level...
Input validation
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of...
CVE-2018-0431 Cisco Integrated Management Controller Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of...
AXIS Multiple Vulnerabilities (ACV-128401)
The firmware version running on the remote host is vulnerable to multiple vulnerabilities. An unauthenticated remote attacker could gain system-level unauthorized access to the affected device. Note that Nessus has not tested for these issues but has instead relied only on the application's...
Cisco Web Security Appliance Privilege Escalation Vulnerability
A vulnerability in the account management subsystem of Cisco Web Security Appliance WSA could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to improper implementation of access...
Splinterware System Scheduler Pro 5.12 - Privilege Escalation
Exploit Title: Splinterware System Scheduler Pro 5.12 - Privilege Escalation Exploit Author: bzyo Twitter: @bzyo Date: 2018-07-21 Vulnerable Software: System Scheduler Pro 5.12 Vendor Homepage: https://www.splinterware.com Version: 5.12 Tested Windows 7 SP1 x86 CVE: N/A Description: Splinterware...
Microsoft Windows Child Window NULL Pointer Dereference Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...
Buffer overflow
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206040. By crafting an input buffer we can control the execution path to the point where the constant DWORD 0 will be written t...