Lucene search
K

15 matches found

Packet Storm
Packet Storm
added 2026/06/11 12:0 a.m.59 views

📄 FIFOFox: Windows Named-Pipe Weak Permission and Access Control Validation

This C-based framework analyzes Windows named pipes for insecure permission configurations and weak access controls that could introduce privilege boundary issues. The code collects metadata about target pipes, inspects security descriptors and DACL configurations, checks for potentially unsafe...

5.6AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/01/30 2:9 p.m.4 views

CVE-2025-6723 Untrusted user data can lead to privilege escalation

Chef InSpec versions up to 5.23 and before 7.0.107 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficient access restrictions to assume the InSpec execution context, potentially...

5.8CVSS5.8AI score0.00119EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/30 2:9 p.m.29 views

CVE-2025-6723 Untrusted user data can lead to privilege escalation

Chef InSpec versions up to 5.23 and before 7.0.107 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficient access restrictions to assume the InSpec execution context, potentially...

5.8CVSS0.00119EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:32 a.m.2 views

CVE-2024-50591

An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a command injection vulnerability in the Elefant Update Service. The command injection can be exploited by communicating with the Elefant Update Service whi...

7.8CVSS7.5AI score0.02005EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/08 12:0 a.m.12 views

PT-2024-34346 · Elefant +1 · Elefant Software Updater +1

Name of the Vulnerable Software and Affected Versions: Elefant Software Updater ESU affected versions not specified Description: An attacker with local access to a medical office computer can escalate their Windows user privileges to "NT AUTHORITYSYSTEM" by exploiting a command injection...

7.8CVSS7.6AI score0.02005EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2024/04/23 1:44 a.m.5 views

SUSE CVE-2024-27308

Mio is a Metal I/O library for Rust. When using named pipes on Windows, mio will under some circumstances return invalid tokens that correspond to named pipes that have already been deregistered from the mio registry. The impact of this vulnerability depends on how mio is used. For some...

9.1CVSS6.9AI score0.00889EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 8:15 p.m.8 views

AZL-61991 CVE-2024-27308 affecting package tardev-snapshotter 3.2.0.tardev1-6

Mio is a Metal I/O library for Rust. When using named pipes on Windows, mio will under some circumstances return invalid tokens that correspond to named pipes that have already been deregistered from the mio registry. The impact of this vulnerability depends on how mio is used. For some...

9.1CVSS7AI score0.00889EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 8:15 p.m.6 views

AZL-35748 CVE-2024-27308 affecting package rpm-ostree for versions less than 2024.4-1

Mio is a Metal I/O library for Rust. When using named pipes on Windows, mio will under some circumstances return invalid tokens that correspond to named pipes that have already been deregistered from the mio registry. The impact of this vulnerability depends on how mio is used. For some...

9.1CVSS7AI score0.00889EPSS
Exploits0References1
RustSec
RustSec
added 2024/03/04 12:0 p.m.7 views

Tokens for named pipes may be delivered after deregistration

Impact When using named pipes on Windows, mio will under some circumstances return invalid tokens that correspond to named pipes that have already been deregistered from the mio registry. The impact of this vulnerability depends on how mio is used. For some applications, invalid tokens may be...

9.1CVSS7AI score0.00889EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/04 12:0 a.m.10 views

PT-2024-21810

Name of the Vulnerable Software and Affected Versions mio versions 0.7.2 through 0.8.10 Tokio versions 1.30.0 and later, when used with a vulnerable version of mio Description The issue occurs when using named pipes on Windows, where mio may return invalid tokens corresponding to named pipes that...

9.1CVSS7.8AI score0.00889EPSS
Exploits0References14
Kitploit
Kitploit
added 2023/12/20 11:30 a.m.20 views

PipeViewer - A Tool That Shows Detailed Information About Named Pipes In Windows

A GUI tool for viewing Windows Named Pipes and searching for insecure permissions. The tool was published as part of a research about Docker named pipes: "Breaking Docker Named Pipes SYSTEMatically: Docker Desktop Privilege Escalation – Part 1" "Breaking Docker Named Pipes SYSTEMatically: Docker...

7.1AI score
Exploits0References4
CNNVD
CNNVD
added 2023/01/04 12:0 a.m.4 views

Tokio 安全漏洞

Tokio is a software library for the Rust programming language. It provides runtime and enabled asynchronous I / O functionality, thus allowing concurrency related to task completion. Tokio suffers from a security vulnerability that stems from its configuration of the Windows Named Pipes Server,...

5.4CVSS5.6AI score0.00569EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/06/14 5:0 p.m.5 views

CVE-2022-32230

Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death BSOD crash of the Windows kernel. For most...

7.8CVSS5.5AI score0.06977EPSS
Exploits1References5Affected Software4
Positive Technologies
Positive Technologies
added 2020/11/03 12:0 a.m.10 views

PT-2020-17051 · Mariadb Foundation +4 · Mariadb +3

With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between...

7CVSS6.8AI score0.02487EPSS
Exploits0References15
Nmap
Nmap
added 2008/11/06 2:52 a.m.578 views

ms-sql-info NSE Script

Attempts to determine configuration and version information for Microsoft SQL Server instances. SQL Server credentials required: No will not benefit from mssql.username & mssql.password. Run criteria: Host script: Will always run. Port script: N/A NOTE: Unlike previous versions, this script will...

10CVSS9.5AI score0.99448EPSS
Exploits33
Rows per page
Query Builder