CVE-2021-21911

Advantech R-SeeNet on Windows is affected by CVE-2021-21911 (Privilege escalation via SnmpMonSvs service executable) affecting 2.4.15. The vulnerability is caused by insufficient protection of the C:\R-SeeNet installation files, allowing an authenticated user to replace the SnmpMonSvs service bin...

CVE-2021-21910

A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger...

Advantech R-SeeNet installation privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to...

CVE-2021-1079

NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the...

Design/Logic Flaw

NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the...

Unspecified Vulnerability in Ocean Data Systems Dream Report 5 R20-2 (CNVD-2021-28325)

Ocean Data Systems Dream Report 5 R20-2 is an application from the French company Ocean Data Systems. A real-time reporting and charting solution. Dream Report 5 R20-2 has a security vulnerability that allows an attacker to replace the Syncfusion Dashboard Service service binary to escalate...

OpenClinic GA installation privilege escalation vulnerability

Summary An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability. Tested Versions OpenClinic GA 5.173.3 Product URLs...

CVE-2020-13532

A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2020-13532

A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability...

Privilege escalation

A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2020-13532

Dream Report 5 R20-2 is affected by CVE-2020-13532. Talos confirms a privilege-escalation via replacing the Syncfusion Dashboard Service binary when Dream Report is installed by default in C:\ODS with weak permissions, allowing an attacker to escalate to NT SYSTEM by providing a malicious file. R...

CVE-2020-13532

A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability...

Ocean Data Systems Dream Report 5 R20-2 安全漏洞

Ocean Data Systems Dream Report 5 R20-2 is an application from the French company Ocean Data Systems. A real-time reporting and charting solution. Dream Report 5 R20-2 has a security vulnerability that allows an attacker to replace the Syncfusion Dashboard Service service binary to escalate...

CVE-2020-13554

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with ...

Privilege escalation

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with ...

CVE-2020-13554

Advantech WebAccess/SCADA 9.0.1 contains multiple local privilege escalation flaws stemming from weak permissions and executable/file tampering in the installation directory. The TALOS-2020-1169 analysis describes various vectors, including webvrpcs Run Key registry entry and multiple binaries/ex...

CVE-2020-13554

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with ...

Advantech WebAccess/SCADA Local Elevation of Privilege Vulnerability

Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. A local elevation of privilege...

Advantech WebAccess/SCADA Local Elevation of Privilege Vulnerability (CNVD-2021-11307)

Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. A local elevation of privilege...

Advantech WebAccess/SCADA Local Elevation of Privilege Vulnerability (CNVD-2021-11306)

Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. A local elevation of privilege...