22 matches found
CVE-2026-32181
Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally...
CVE-2025-34328
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component F2MAdmin that exposes an unauthenticated script-management endpoint at AudioCodesfiles/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-supplie...
CVE-2025-34324
GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so its authenticity relies solely on the underlying TLS channel. In affected versions, TLS certificate...
EUVD-2015-2136
Malware in sbrugna...
CVE-2024-42013
In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of...
CVE-2023-0652
Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer MSI of WARP Client for Windows = 2022.12.582.0 allowed a malicious attacker to forge the destination of the hardlink and escalate privileges, overwriting SYSTEM protected files. As...
CVE-2011-1223
Buffer overflow in the Alternate Data Stream (aka ADS or named stream) functionality in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows allows local users to gain privileges via unspecified vectors...
PT-2025-5802
Name of the Vulnerable Software and Affected Versions: Defense Platform Home Edition versions 3.9.51.x and earlier Description: The issue allows an attacker to obtain SYSTEM privilege of the Windows system where the product is running by performing a specific operation. This is due to an executio...
CVE-2024-50590
Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is writable for all users. ...
HASOMED Elefant Security Vulnerability
HASOMED Elefant is an exercise software from the German company HASOMED. It specializes in meeting the needs of psychotherapists, child and adolescent psychotherapists, and medical psychotherapists. HASOMED Elefant has a security vulnerability. An attacker with local access to a medical office...
CVE-2024-8690
Cortex XDR Agent (Windows) is affected by a detection-mechanism issue that lets a user with Windows administrator privileges disable the agent. This local-access flaw could enable malware to disable Cortex XDR and then carry out malicious activity. The public documents do not specify affected pro...
Mitsubishi Electric Multiple FA Engineering Software Products (Update E)
1. EXECUTIVE SUMMARY CVSS v3 6.0 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: Multiple FA Engineering Software Products Vulnerabilities: Improper Privilege Management, Uncontrolled Resource Consumption, Out-of-bounds Write, Improper Privilege Management 2...
PT-2024-24121 · Yubico +1 · Yubico Ykman-Gui +2
Name of the Vulnerable Software and Affected Versions: Yubico ykman-gui aka YubiKey Manager GUI versions prior to 1.2.6 Description: A privilege escalation issue exists because browser windows can open as Administrator when Edge is not used on Windows systems. This could allow for unexpected...
PT-2022-5247 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insufficient access control in the Win32k component of Windows operating systems, which can be exploited to elevate privileges. An elevation-of-privilege issue allow...
The vulnerability of the Windows operating system, related to insecure management of privileges, allows a perpetrator to elevate their privileges.
The vulnerability of the Windows operating system is related to the insecure management of privileges. Exploiting this vulnerability can allow an attacker to elevate their privileges...
CVE-2020-10610
In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or...
CVE-2019-18279
In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019...
Philips Brilliance CT Scanners Unauthorized Access Vulnerability
The Philips Brilliance 64, among others, is a CT scanner device from the Dutch company Philips. A security vulnerability exists in the kiosk environment in several Philips Brilliance CT devices. An attacker can use this vulnerability to escape the limitations of the kiosk environment and gain...
Gain Windows privileges with FortiClient vpn before logon and untrusted certificate
When the "VPN before logon" feature of FortiClient Windows is enabled (disabled by default), and when the server certificate is not valid, it is possible for an attacker without a user account on the targeted Windows workstation to obtain SYSTEM level privileges, via exploiting the Windows "securi...