Design/Logic Flaw

Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe...

elfintils 'elf_compress.c' file denial of service vulnerability

elfutils is a collection of utilities and libraries for reading, creating and modifying ELF binaries. A denial of service vulnerability exists in the elfcompress.c file in elfutils version 0.168. A remote attacker can exploit this vulnerability to cause a denial of service memory consumption with...

CVE-2015-7260

Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file...

CVE-2015-7260

Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file...

DEBIAN-CVE-2017-7611

The checksymtabshndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted ELF file...

UBUNTU-CVE-2017-6448

The dalvikdisassemble function in libr/asm/p/asmdalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact via a crafted DEX file...

CVE-2016-8769

Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable fil...

Design/Logic Flaw

Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable fil...

DEBIAN-CVE-2016-10254

The allocateelf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service crash via a crafted ELF file, which triggers a memory allocation failure...

Introduction to Reverse Engineering Cocoa Applications

While not as common as Windows malware, there has been a steady stream of malware discovered over the years that runs on the OS X operating system, now rebranded as macOS. February saw three particularly interesting publications on the topic of macOS malware: a Trojan Cocoa application that sends...

Foxit PDF Toolkit Detection (Windows SMB Login)

SMB login and WMI file search based detection of Foxit PDF Toolkit. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Web Servers Malicious Upload Directory Traversal (CVE-2022-29596)

A directory traversal vulnerability exists in web servers. The vulnerability allows unauthorized users to upload malicious files to the server. A remote attacker can exploit this vulnerability by uploading an arbitrary, executable file and executing it under the context of SYSTEM...

Code injection

WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit th...

CVE-2016-10031

WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit th...

Wampserver 3.0.6 - Insecure File Permissions Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits ===================================================== Vendor Homepage: http://www.wampserver.com/ Date: 10 Dec 2016 Version : Wampserver 3.0.6 32 bit x86 Tested on: Windows 7 Ultimate SP1 EN Author: Heliand Dema Contact: email protected...

CVE-2016-7300

Untrusted search path vulnerability in Microsoft Auto Updater for Mac allows local users to gain privileges via a Trojan horse executable file, aka "Microsoft MAU Office Elevation of Privilege Vulnerability."...

CVE-2016-7300

CVE-2016-7300 affects Microsoft Auto Update (MAU) for Mac. The root cause is an untrusted search path and improper update validation that lets a local attacker place a crafted executable to execute code with elevated privileges. Impact is local privilege escalation; public exploits exist and were...

Microsoft Bowser.sys Information Disclosure (MS16-135: CVE-2016-7218)

An information disclosure vulnerability exists in Microsoft Windows regarding bowser.sys . A local attacker could exploit this vulnerability by running a specially crafted malicious executable file. Successful exploitation of this vulnerability could lead to information disclosure...

Design/Logic Flaw

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. More Information: CSCvb68043. Known Affected...

Cisco AnyConnect Secure Mobility Client Local Privilege Escalation Vulnerability

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. The vulnerability is due to incorrect...