📄 Microsoft Event Log Remote Protocol Arbitrary File Write

This Python script demonstrates the abuse of the Microsoft Event Log Remote Protocol MS-EVEN to achieve an arbitrary file write over SMB using low-privileged credentials. By interacting with the Windows \pipe\eventlog named pipe through DCERPC, the script leverages the ElfrOpenBELW and...

Fortinet FortiClient pipe object (FG-IR-22-429)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-429 advisory. - Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a...

CVE-2022-43946

Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute...

CVE-2022-43946

Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute...

CVE-2022-43946

Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute...

CVE-2022-43946

Multiple vulnerabilities including an incorrect permission assignment for critical resource CWE-732 vulnerability and a time-of-check time-of-use TOCTOU race condition CWE-367 vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute...

PT-2023-9673 · Fortinet · Forticlient

Name of the Vulnerable Software and Affected Versions: Fortinet FortiClientWindows versions prior to 7.0.7 Description: The issue is related to an incorrect permission assignment for a critical resource and a time-of-check time-of-use TOCTOU race condition vulnerability. This could allow a remote...

Fortinet FortiClientWindows 安全漏洞

Fortinet FortiClientWindows is a Windows-based mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. Fortinet FortiClientWindows has an...

CVE-2023-0629

Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation ECI restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/dockerenginelinux on Windows, via the -H --host CLI flag or the DOCKERHOST environment variable and launch containers...

SUSE-SU-2016:1997-1 Security update for java-1_7_0-openjdk

This update for java-170-openjdk fixes the following issues: - Update to 2.6.7 - OpenJDK 7u111 Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking bsc989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only bsc989734 - S8147771: Construction of static protection domai...