CVE-2025-13733

BuhoNTFS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions.This issue affects BuhoNTFS: 1.3.2...

CVE-2025-13733 BuhoNTFS 1.3.2 - Local Privilege Escalation

BuhoNTFS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions.This issue affects BuhoNTFS: 1.3.2...

CVE-2020-25736

Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration...

CVE-2024-56800

Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions prior to 1.1.1 contain a server-side request forgery SSRF vulnerability. The scraping engine could be exploited by crafting a malicious site that redirects to a local IP address...

CVE-2024-30124

HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously...

The vulnerability of the multimedia extraction function in Cisco WebEx Teams software allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the multimedia extraction function in Cisco WebEx Teams software relates to the insecure transmission of requests to internal services. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information using ...

Detecting and Visualizing Lateral Movement Attacks with Trellix XDR

Detecting and Visualizing Lateral Movement Attacks with Trellix XDR By Chintan Shah, Maulik Maheta, Ajeeth S · December 13, 2023 Executive summary With Organizations deploying multiple security controls and solutions on their network and endpoints, there is a significant gap in the way threat...

CVE-2021-0984

In onNullBinding of ManagedServices.java, there is a possible permission bypass due to an incorrectly unbound service. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2020-23834

Insecure Service File Permissions in the bd service in Real Time Logic BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the %SYSTEMDRIVE%\bd\bd.exe file. When the computer next starts, the new bd.exe will be run as LocalSystem...

BarracudaDrive 6.5 Local Privilege Escalation

Exploit Title: BarracudaDrive v6.5 - User-System - Local Privilege Escalation Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: 08-08-2020 Vendor Homepage: https://barracudaserver.com/ Software Link: https://download.cnet.com/BarracudaDrive/3001-185064-10723210.html Version: v6.5 Teste...

Hola VPN 1.79.859 - Insecure service permissions Vulnerability

Exploit for windows platform in category local exploits ===== Tempest Security Intelligence - ADV-22/2018 === Hola VPN 1.79.859 - Insecure service permissions ------------------------------------------------------- Author: - Filipe Xavier Oliveira: ===== Table of Contents...

Hola VPN 1.79.859 Insecure Service Permissions

===== Tempest Security Intelligence - ADV-22/2018 === Hola VPN 1.79.859 - Insecure service permissions ------------------------------------------------------- Author: - Filipe Xavier Oliveira: ===== Table of Contents ===================================================== Overview Detailed...

Portrait Display SDK Service Privilege Escalation

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Privilege Escalation due to insecure service configuration product: Portrait Display SDK Service vulnerable version: mutliple, see PoC fixed version: multiple, see soluti...

TLS Version 1.0 Protocol Detection (PCI DSS)

The remote service accepts connections encrypted using TLS 1.0. This version of TLS is affected by multiple cryptographic flaws. An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients. C Tenable Network...

SEC Consult SA-20140716-3 :: Multiple critical vulnerabilities in Bitdefender GravityZone

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140716-3 ======================================================================= title: Multiple critical vulnerabilities product: Bitdefender GravityZone vulnerable version: 5.1.11.432 fixed version:...

Bitdefender GravityZone 5.1.5.386 - Multiple Vulnerabilities

Bitdefender GravityZone versions prior to 5.1.11.432 suffer from local file disclosure, insecure service configuration, and missing authentication vulnerabilities. product: Bitdefender GravityZone vulnerable version: =5.1.11.432 impact: critical homepage: http://www.bitdefender.com found:...

Bitdefender GravityZone 5.1.5.386 - Multiple Vulnerabilities

No description provided by source. SEC Consult Vulnerability Lab Security Advisory 20140716-3 ======================================================================= title: Multiple critical vulnerabilities product: Bitdefender GravityZone vulnerable version: 5.1.11.432 fixed version: =5.1.11.432...

BitDefender GravityZone 5.1.5.386 - Multiple Vulnerabilities

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: Bitdefender GravityZone vulnerable version: =5.1.11.432 impact: critical homepage: http://www.bitdefender.com found: 2014-05-22...