15 matches found
CVE-2021-22961
A code injection vulnerability exists within the firewall software of GlassWire v2.1.167 that could lead to arbitrary code execution from a file in the user path on first execution...
EUVD-2021-10086
Malware in sbrugna...
GlassWire: Facebook App API credentials leaked in the APK
Facebook App API credentials were leaked in the GlassWire version 1,1,26,0b F1827380 APK file, including the App ID and App Secret. This could allow an attacker to modify Facebook App settings using the leaked token...
CVE-2021-22961
A code injection vulnerability exists within the firewall software of GlassWire v2.1.167 that could lead to arbitrary code execution from a file in the user path on first execution...
Code injection
A code injection vulnerability exists within the firewall software of GlassWire v2.1.167 that could lead to arbitrary code execution from a file in the user path on first execution...
CVE-2021-22961
A code injection vulnerability exists within the firewall software of GlassWire v2.1.167 that could lead to arbitrary code execution from a file in the user path on first execution...
CVE-2021-22961
CVE-2021-22961 (GlassWire v2.1.167) is a code-injection vulnerability in the firewall software that can lead to arbitrary code execution on first run. The issue arises from the component loading a file from the user’s PATH (notably loading Wtsapi32.dll.dll ) without proper validation, enabling a...
GlassWire 代码注入漏洞
GlassWire is a firewall software. A code injection vulnerability exists in GlassWire version 2.1.167, which arises from arbitrary code execution from a file in a user's path when the program is first executed...
GlassWire: GlassWire 2.1.167 vulnerability - MSVR 56639
Arbitrary code execution vulnerability within the firewall software, GlassWire version 2.1.167 Impact After the program is installed, on first execution, it will attempt to load Wtsapi32.dll.dll from the user's PATH without doing any checks to see if the file is signed. Attached is a demo...
GlassWire: Uncontrolled Search Path Element allows DLL hijacking for priv esc to SYSTEM
GlassWire contains a DLL hijacking vulnerability that could allow an authenticated attacker to execute arbitrary code on the targeted system. The vulnerability exists due to GlassWire loading DLL files from the PATH environment variable without verification. The machine should have at least one...
GlassWire – Data Usage Privacy - Exported ContentProvider, Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application GlassWire – Data Usage Privacy published at the 'play' market has multiple vulnerabilities...
GlassWire: Bypass GlassWire's monitoring of Hosts file
Product version: 1.2.64beta OS version: Windows 8.1 Enterprise x86 If a program modifies the Hosts file C:\Windows\System32\drivers\etc\hosts, GlassWire notifies the user that "system file changed" with the path of the hosts file see attachment "screenshothostschanged.png". I discover that a...
GlassWire: GlassWireSetup.exe subject to EXE planting attack
GlassWire recently fixed a DLL hijacking attack whereby trojan DLLs would be loaded from the user's \Downloads\ folder. However, it appears that GlasswireSetup.exe still uses an unqualified path when running CertUtil.exe and as a consequence a trojaned CertUtil.exe will execute from the \Download...
GlassWire: DLL Hijacking Vulnerability in GlassWireSetup.exe
GlasswireSetup.exe is subject to the attack described here: http://textslashplain.com/2015/12/18/dll-hijacking-just-wont-die/ You can get a simple demo with this harmless DLL: https://bayden.com/dl/shfolder.dll See attached image for proof of execution...
GlassWire: Clickjacking: X-Frame-Options header missing
Hello. Typical simple bug. Victim - www.glasswire.com "It allows remote attackers to do some clickjacking which can be used for adding arbitrary tasks . Why? Almost all of your page has missing X-FRAME-OPTIONS header. Websites are at risk of a clickjacking attack when they allow content to be...