CVE-2023-40352

McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs...

EUVD-2023-44923

Malicious code in bioql PyPI...

Incorrect Default Permissions

Kolide Agent is vulnerable to Incorrect Default Permissions. The vulnerability is due to improper permissions set on the ProgramData directory for upgraded binaries and the omission of the SystemDrive environmental variable, allowing a malicious actor to place and execute arbitrary DLLs within th...

CVE-2023-40352

McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs...

CVE-2023-25428

A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create arbitrary DLLs leading to code execution...

CVE-2023-25428

A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create arbitrary DLLs leading to code execution...

Default credentials

A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create arbitrary DLLs leading to code execution...

CVE-2020-5316

Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an...

PortSwigger Web Security: Privilege Escalation by abusing non-existent path. (Windows)

Vulnerability Overview When Burpsuite runs, it tries to load some DLLs in the path C:\Program%20Files. Because the folder doesn't exists, it can be created by a low-privileged user which can inject arbitrary DLL into the process when another privileged user runs Burpsuite. I have verified the...

Microsoft Windows NT <= 4.0 SP4 Known DLL Cache Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/234/info The names and mappings of kernel objects in NT are cached in the object namespace. In this area, DLL mappings are kept in a section called KnownDlls. By manipulating the namespace, it is possible to redirect call...

Agnitum Outpost Internet Security Local Privilege Escalation

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require...

KingScada - kxClientDownload.ocx ActiveX Remote Code Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'KingScada kxClientDownload.ocx ActiveX Remote Code Execution', 'Description' = %q This module abuses the kxClientDownload.ocx ActiveX...

Agnitum Outpost Internet Security Local Privilege Escalation

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...

Agnitum Outpost Internet Security Local Privilege Escalation

This Metasploit module exploits a directory traversal vulnerability on Agnitum Outpost Internet Security 8.1. The vulnerability exists in the acs.exe component, allowing the user to load load arbitrary DLLs through the acsipcserver named pipe, and finally execute arbitrary code with SYSTEM...

Agnitum Outpost Internet Security - Local Privilege Escalation (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...

Adobe Flash Media Server < 3.0.5 / 3.5.3 Multiple Vulnerabilities (APSB09-18)

The remote host is running Adobe Flash Media Server, an application server for Flash-based applications. The version running on the remote host is earlier than version 3.0.5 or 3.5.3. Such versions are potentially affected by the following vulnerabilities : - A resource exhaustion vulnerability c...

Preemptive Protection against Adobe Flash Media Server Directory Traversal Vulnerability (APSB09-18)

A directory traversal vulnerability has been discovered in Adobe Flash Media Server FMS. Flash Media Server FMS is an application server for Flash-based applications. This vulnerability allows a hacker to access normally-inaccessible files and directories through a specially-created HTTP request...

CVE-2007-3302

The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA formerly Computer Associates eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified "scriptable functions."...

CVE-2007-3302

The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA formerly Computer Associates eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified "scriptable functions."...