24 matches found
EUVD-2020-7516
Malware in sbrugna...
EUVD-2020-7515
Malware in sbrugna...
CVE-2021-26807
GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgccsdw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned DLL loading...
CVE-2020-15528
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing file integrity checks...
Exploit for Use of Hard-coded Credentials in Gog Galaxy
GOG Galaxy - Research Artifacts Repository Structure This...
GOG Galaxy 安全漏洞
GOG Galaxy is a game client program from the Polish company GOG. The program is used to install, launch and update games. A security vulnerability exists in GOG Galaxy version 2.0.46, which stems from the presence of an exploitable local lifting vulnerability that, due to insufficient folder...
Boost Connect community Galaxy Client 代码问题漏洞
Boost Connect community Galaxy Client is a Boost Connect community open source application. It provides a function to remove unused PC programs. A code issue vulnerability exists in Galaxy Client 2.0.28.9, which can be exploited by an attacker to potentially run code locally via an unsigned DLL...
CVE-2020-24574
The client aka GalaxyClientService.exe in GOG GALAXY through 2.0.41 as of 12:58 AM Eastern, 9/26/21 allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into...
CVE-2020-7352
The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the...
PT-2020-19567 · Gog · Gog Galaxy
Name of the Vulnerable Software and Affected Versions: GOG Galaxy versions 1.2.x through 1.2.64 GOG Galaxy versions 2.0.x through 2.0.12 Description: The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with an...
CVE-2020-11827
In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. An attacker can put malicious code in a Trojan horse GalaxyClientService.exe. After that, the attacker can re-start this service as an unprivileged user to escalate his/her...
Unspecified Vulnerability in GOG Galaxy Client
GOG Galaxy is a game client program from the Polish company GOG. The program is used to install, launch and update games. A security vulnerability exists in GOG Galaxy Client version 2.0.17, which stems from weak file permissions and can be exploited by an attacker to elevate privileges with the...
Unspecified Vulnerability in GOG Galaxy Client (CNVD-2020-53315)
GOG Galaxy is a game client program from the Polish company GOG. The program is used to install, launch and update games. A security vulnerability exists in GOG Galaxy Client version 2.0.17, which can be exploited by local attackers to elevate privileges...
CVE-2020-15528
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing file integrity checks...
CVE-2020-15529
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because of weak file permissions and can be exploited by using opportunistic locks...
CVE-2020-15529
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because of weak file permissions and can be exploited by using opportunistic locks...
Design/Logic Flaw
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing file integrity checks...
Design/Logic Flaw
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because of weak file permissions and can be exploited by using opportunistic locks...
CVE-2020-15528
CVE-2020-15528 affects the GOG Galaxy Client version 2.0.17. The issue is a local privilege escalation caused by weak file permissions and missing file integrity checks, enabling a non-privileged user to elevate privileges when starting or uninstalling a game. Publicly available connected documen...
CVE-2020-15528
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing file integrity checks...