CVE-2020-9367

The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is missing from the installation, thus making it...

DLLHSC - DLL Hijack SCanner A Tool To Assist With The Discovery Of Suitable Candidates For DLL Hijacking

DLL Hijack SCanner - A tool to generate leads and automate the discovery of candidates for DLL Search Order Hijacking Contents of this repository This repository hosts the Visual Studio project file for the tool DLLHSC, the project file for the API hooking functionality detour, the project file f...

DELL Dell SupportAssist Client 代码问题漏洞

Dell SupportAssist for Business PCs is a client application for enterprise PCs. Dell SupportAssist for Home PCs is a client application for home PCs that provides automated, proactive and predictive techniques for troubleshooting and more. Dell SupportAssist for Home PCs and Dell SupportAssist fo...

CVE-2020-13552

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to...

Privilege escalation

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to...

CVE-2020-13552

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to...

Advantech WebAccess/SCADA installation privilege escalation vulnerability

Summary Multiple exploitable local privilege elevation vulnerabilities exist in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. Depending on the vector chosen, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. Tested...

[SECURITY] Fedora 33 Update: mingw-binutils-2.34-7.fc33

Cross compiled binutils utilities like 'strip', 'as', 'ld' which understand Windows executables and DLLs...

Design/Logic Flaw

Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users...

Fedora: Security Advisory for mingw-binutils (FEDORA-2020-28c78a6ac3)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 32 Update: mingw-binutils-2.32-9.fc32

Cross compiled binutils utilities like 'strip', 'as', 'ld' which understand Windows executables and DLLs...

CVE-2020-13540

An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the...

CVE-2020-13539

An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via “WIN-911 Mobile Runtime” service. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of t...

CVE-2020-13540

An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the...

Privilege escalation

An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via “WIN-911 Mobile Runtime” service. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of t...

CVE-2020-13540

An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the...

Drow - Injects Code Into ELF Executables Post-Build

drow is a command-line utility that is used to inject code and hook the entrypoint of ELF executables post-build. It takes unmodified ELF executables as input and exports a modified ELF contianing an embedded user-supplied payload that executes at runtime. Slightly more detail ... Drow takes the...

[SECURITY] Fedora 33 Update: mingw-binutils-2.34-4.fc33

Cross compiled binutils utilities like 'strip', 'as', 'ld' which understand Windows executables and DLLs...

[SECURITY] Fedora 32 Update: mingw-binutils-2.32-8.fc32

Cross compiled binutils utilities like 'strip', 'as', 'ld' which understand Windows executables and DLLs...

CVE-2020-13958

A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the documen...