Lucene search
K

14 matches found

Tenable Nessus
Tenable Nessus
added 2008/10/24 12:0 a.m.32 views

GEAR Software CD DVD Filter Driver Insecure Method Local Privilege Escalation

The version of GEAR Software's CD DVD Filter kernel driver GEARAspiWDM.sys on the remote host contains an insecure method that allows a local user to make an unlimited number of calls to 'IoAttachDevice' from user-land, thereby enabling him to exploit a local privilege escalation flaw in the...

5.6AI score
Exploits0References5
CERT
CERT
added 2008/10/07 12:0 a.m.34 views

Gear Software CD DVD Filter driver privilege escalation vulnerability

Overview The Gear Software CD DVD Filter driver contains a privilege escalation vulnerability, which can allow an attacker to gain SYSTEM privileges. Description Gear Software provides a driver called CD DVD Filter, which is provided by GEARAspiWDM.sys. This driver is used by multiple CD/DVD...

7.2CVSS6.9AI score0.00424EPSS
Exploits2References4
Prion
Prion
added 2008/02/07 9:0 p.m.19 views

Unrestricted file upload

Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors...

10CVSS7.7AI score0.11863EPSS
Exploits3References9Affected Software1
Cvelist
Cvelist
added 2008/02/07 8:0 p.m.37 views

CVE-2008-0457

Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors...

7.2AI score0.11863EPSS
Exploits3References9
Zero Day Initiative
Zero Day Initiative
added 2008/02/06 12:0 a.m.43 views

Symantec Backup Exec Remote File Upload Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Backup Exec System Recovery Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the FileUpload class running on the Symantec LiveState Apache...

10CVSS2.2AI score0.11863EPSS
Exploits3References1
Prion
Prion
added 2007/04/30 10:19 p.m.13 views

Buffer overflow

Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string...

7.2CVSS7.3AI score0.00406EPSS
Exploits0References6Affected Software4
CVE
CVE
added 2007/04/30 10:0 p.m.47 views

CVE-2007-2361

CVE-2007-2361 affects Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery and BackupExec System Recovery prior to 20070426. When remote backups of restore points are configured, a configuration file containing network share credentials is world-readable, allowing local users to read...

4.9CVSS6.4AI score0.00344EPSS
Exploits0References6Affected Software4
CVE
CVE
added 2007/04/30 10:0 p.m.55 views

CVE-2007-2360

CVE-2007-2360 affects Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery prior to 20070426. When remote backups of restore point images are configured, network share credentials are encrypted with a key formed by a hash of the username, allowing loca...

6.8CVSS6.4AI score0.00335EPSS
Exploits0References5Affected Software4
CVE
CVE
added 2007/04/30 10:0 p.m.50 views

CVE-2007-2359

CVE-2007-2359 concerns a buffer overflow in Ghost Service Manager used by Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery and BackupExec System Recovery prior to 20070426. The vulnerability arises from handling of a long string, enabling local users to gain privileges (local pri...

7.2CVSS6.8AI score0.00406EPSS
Exploits0References6Affected Software4
NVD
NVD
added 2006/12/06 8:28 p.m.20 views

CVE-2006-6308

Symantec LiveState 7.1 Agent for Windows allows local users to gain privileges by stopping the shstart.exe process and open "Web Self-Service" from the system tray icon, which will open a browser window running with elevated privileges. NOTE: several third-party researchers have noted that...

4.3CVSS6.8AI score0.00336EPSS
Exploits0References7
Cvelist
Cvelist
added 2006/12/06 8:0 p.m.26 views

CVE-2006-6308

Symantec LiveState 7.1 Agent for Windows allows local users to gain privileges by stopping the shstart.exe process and open "Web Self-Service" from the system tray icon, which will open a browser window running with elevated privileges. NOTE: several third-party researchers have noted that...

6.8AI score0.00336EPSS
Exploits0References7
CVE
CVE
added 2006/12/06 8:0 p.m.57 views

CVE-2006-6308

Symantec LiveState 7.1 Agent for Windows is affected. Local users can potentially gain privileges by stopping the shstart.exe process and selecting Web Self-Service from the system tray, which opens a browser window running with elevated privileges. The root cause is the browser window inheriting...

4.3CVSS7.1AI score0.00336EPSS
Exploits0References7Affected Software1
securityvulns
securityvulns
added 2006/12/05 12:0 a.m.37 views

Symantec LiveState Agent privilege escalation

It's possible to launch Windows Explorer with SYSTEM privileges...

3.6AI score
Exploits0References1
securityvulns
securityvulns
added 2006/12/05 12:0 a.m.28 views

Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation

hello, we've found local privilege escalation in Symantec LiveState agent. PoC: 1. kill shstart.exe process 2. from symantec livestate agent icon in systray choose "Web Self-Service" 3. New browser window will open, it is running with SYSTEM privileges. tested on fully patched Win XP SP2, Symante...

1.3AI score
Exploits0
Rows per page
Query Builder