11 matches found
EUVD-2020-5781
Malware in sbrugna...
CVE-2020-13532
A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability...
Privilege escalation
A privilege escalation vulnerability exists in Dream Report 5 R20-2. IIn the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attackers to effectively ‘backdoor’ the installation files and escalate privileges when a new user logs...
Privilege escalation
A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability...
Privilege escalation
A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers CLSID, installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger...
CVE-2020-13532
Dream Report 5 R20-2 is affected by CVE-2020-13532. Talos confirms a privilege-escalation via replacing the Syncfusion Dashboard Service binary when Dream Report is installed by default in C:\ODS with weak permissions, allowing an attacker to escalate to NT SYSTEM by providing a malicious file. R...
CVE-2020-13532
A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2020-13533
A privilege escalation vulnerability exists in Dream Report 5 R20-2. IIn the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attackers to effectively ‘backdoor’ the installation files and escalate privileges when a new user logs...
CVE-2020-13533
Dream Report 5 R20-2 is affected by a privilege escalation vulnerability linked to default weak permissions in the install directory and specific Run keys. The default C:\ODS permissions allow broad access, enabling an attacker to abuse Run keys ods_rtm_launch and ods_usc (mapping to RTM.exe and ...
CVE-2020-13534
A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers CLSID, installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger...
CVE-2020-13534
Dream Report 5 R20-2 is affected by CVE-2020-13534, a privilege-escalation vulnerability. The root cause is weak default permissions in components installed by Dream Report (notably COM CLSIDs referencing LocalServer32 and InprocServer32 in the Dream Report System directory C:\ODS). A specially c...