CVE-2018-11334

Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \.\pipe\WindscribeService...

CVE-2018-11334

Windscribe 1.81 contains a vulnerability where a named pipe (\.\pipe\WindscribeService) is created with a NULL DACL, allowing Everyone to gain privileges or cause a denial of service. This is a local issue stemming from an overly permissive named pipe ACL, enabling privilege escalation or disrupt...

Design/Logic Flaw

Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of .\pipe\PSANMSrvcPpal -- an "insecurely created named pipe." Ensures full access to Everyone users group...

Design/Logic Flaw

Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \.\pipe\WPSCloudSvr\WpsCloudSvr -- an "insecurely created named pipe." Ensures full access to Everyone users group...

CVE-2018-6322

Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of .\pipe\PSANMSrvcPpal -- an "insecurely created named pipe." Ensures full access to Everyone users group...

CVE-2018-6183

BitDefender Total Security 2018 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of an "insecurely created named pipe". Ensures full access to Everyone users group...

CVE-2018-6400

Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \.\pipe\WPSCloudSvr\WpsCloudSvr -- an "insecurely created named pipe." Ensures full access to Everyone users group...

CVE-2018-6183

BitDefender Total Security 2018 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of an "insecurely created named pipe". Ensures full access to Everyone users group...

CVE-2018-6400

Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \.\pipe\WPSCloudSvr\WpsCloudSvr -- an "insecurely created named pipe." Ensures full access to Everyone users group...

Panda Global Security 17.0.1 NULL DACL Grants Full Access

===== Tempest Security Intelligence - ADV-17/2018 === Panda Global Security 17.0.1 - NULL DACL grants full access ------------------------------------------------------- Author: - Filipe Xavier Oliveira: ===== Table of Contents ===================================================== Overview Detail...

WPS Free Office 10.2.0.5978 NULL DACL Grants Full Access

===== Tempest Security Intelligence - ADV-16/2018 === WPS Free Office 10.2.0.5978 - NULL DACL grants full access ------------------------------------------------------- Author: - Filipe Xavier Oliveira: filipe.xavier tempest.com.br ===== Table of Contents...