EUVD-2019-15087

Malware in sbrugna...

CVE-2019-5512

VMware Workstation 15.x before 15.0.3, 14.x before 14.1.6 running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege...

CVE-2020-13534

A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers CLSID, installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger...

SUSE CVE-2018-19396

ext/standard/varunserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service application crash via an unserialize call for the com, dotnet, or variant class...

CVE-2020-13534

A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers CLSID, installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger...

Privilege escalation

A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers CLSID, installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger...

CVE-2020-13534

A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers CLSID, installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger...

Symantec Endpoint Protection ccSvc Missing Authentication Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Symantec Endpoint Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

Symantec Endpoint Protection ccJobMgr Missing Authentication Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Symantec Endpoint Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

Symantec Endpoint Protection AvHostPlugin Missing Authentication Arbitrary File Move Vulnerability

This vulnerability allows local attackers to move arbitrary files on affected installations of Symantec Endpoint Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

Symantec Endpoint Protection AvHostPlugin Missing Authentication Arbitrary File Rename Vulnerability

This vulnerability allows local attackers to rename arbitrary files on affected installations of Symantec Endpoint Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

VMware Workstation 14.1.5 / VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation

VMware: Host VMX Process COM Class Hijack EoP Platform: VMware Workstation Windows v14.1.5 on Windows 10. Also tested VMware Player 15. Class: Elevation of Privilege Summary: COM classes used by the VMX process on a Windows host can be hijacked leading to elevation of privilege. Description: The...

VMware Workstation 14.1.5 VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation

VMware Workstation 14.1.5 VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation VMware: Host VMX Process COM Class Hijack EoP Platform: VMware Workstation Windows v14.1.5 on Windows 10. Also tested VMware Player 15. Class: Elevation of Privilege Summary: COM classes used by th...

CVE-2018-19396

ext/standard/varunserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service application crash via an unserialize call for the com, dotnet, or variant class...

CVE-2018-19396

Removed by vendor...

CVE-2018-19396

ext/standard/varunserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service application crash via an unserialize call for the com, dotnet, or variant class...

Microsoft Windows 10 - WLDP/MSHTML CLSID UMCI Bypass Exploit

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1328 Windows: WLDP/MSHTML CLSID UMCI Bypass Platform: Windows 10 S thought should be anything with UMCI Class: Security Feature Bypass Summary: The enlightened lockdown policy chec...

Microsoft Windows Device Guard Local Security Bypass Vulnerability(CVE-2017-11823)

Windows: WLDP/MSHTML CLSID UMCI Bypass Platform: Windows 10 S thought should be anything with UMCI Class: Security Feature Bypass Summary: The enlightened lockdown policy check for COM Class instantiation can be bypassed in MSHTML hosts leading to arbitrary code execution on a system with UMCI...

Microsoft Windows 10 - WLDP/MSHTML CLSID UMCI Bypass

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1328 Windows: WLDP/MSHTML CLSID UMCI Bypass Platform: Windows 10 S thought should be anything with UMCI Class: Security Feature Bypass Summary: The enlightened lockdown policy check for COM Class instantiation can be bypassed in...

Microsoft Windows 10 - WLDPMSHTML CLSID UMCI Bypass

Microsoft Windows 10 - WLDPMSHTML CLSID UMCI Bypass Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1328 Windows: WLDP/MSHTML CLSID UMCI Bypass Platform: Windows 10 S thought should be anything with UMCI Class: Security Feature Bypass Summary: The enlightened lockdown policy che...