EUVD-2026-27461

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGIDSBIEINIRUNSBIECTRL message is handled before normal sandbox and impersonation checks, and for non-sandbox...

PT-2026-37227

Name of the Vulnerable Software and Affected Versions Sandboxie-Plus versions prior to 1.17.3 Description The SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGID SBIE INI RUN SBIE CTRL message is processed before standard sandbox and impersonation checks. For callers not...

CVE-2025-64699

An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw...

CVE-2025-64699

CVE-2025-64699 affects SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22). The regService process, running with SYSTEM privileges, applies a Security Descriptor to a device object that has no explicitly configured DACL. This can allow an attacker to perform unauthorized raw disk operations, potential...

CVE-2025-64699

An incorrect NULL DACL issue exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The regService process, which runs with SYSTEM privileges, applies a Security Descriptor to a device object with no explicitly configured DACL. This condition could allow an attacker to perform unauthorized raw...

EUVD-2007-2105

Malware in sbrugna...

EUVD-2018-6355

Malware in sbrugna...

K000138056: Wireshark vulnerability CVE-2018-14438

Security Advisory Description In Wireshark through 2.6.2, the createapprunningmutex function in wsutil/fileutil.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily. CVE-2018-14438 Impact There is no impact; F5 products are not...

SUSE CVE-2018-14438

In Wireshark through 2.6.2, the createapprunningmutex function in wsutil/fileutil.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily...

Trojan.Win32.DarkNeuron.gen MVID-2022-0661 Named Pipe NULL DACL

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/d891c9374ccb2a4cae2274170e8644d8.txt Contact: [email protected] Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Trojan.Win32.DarkNeuron.gen Vulnerability: Named...

Trojan.Win32.Autoit.fhj MVID-2022-0638 NULL DACL

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/d871836f77076eeed87eb0078c1911c7B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Autoit.fhj Vulnerability: Named Pipe Null DACL Family: Autoit Type: PE32 MD5...

Cisco Immunet < 6.2.0 / Cisco AMP For Endpoints 6.2.0 - Denial of Service

/ + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CISCO-IMMUNET-AND-CISCO-AMP-FOR-ENDPOINTS-SYSTEM-SCAN-DENIAL-OF-SERVICE.txt + ISR: ApparitionSec Greetz: indoushka | Eduardo B. Vendor www.cisco.com Multiple Products Cisc...

UBUNTU-CVE-2018-14438

In Wireshark through 2.6.2, the createapprunningmutex function in wsutil/fileutil.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily...

CVE-2018-11334

Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \.\pipe\WindscribeService...

Design/Logic Flaw

Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \.\pipe\WindscribeService...

CVE-2018-11334

Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \.\pipe\WindscribeService...

CVE-2018-11334

Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \.\pipe\WindscribeService...

CVE-2018-11334

Windscribe 1.81 contains a vulnerability where a named pipe (\.\pipe\WindscribeService) is created with a NULL DACL, allowing Everyone to gain privileges or cause a denial of service. This is a local issue stemming from an overly permissive named pipe ACL, enabling privilege escalation or disrupt...

WPS Office 10.2.0.5978 - NULL DACL grants full access Vulnerability

Exploit for multiple platform in category local exploits ===== Tempest Security Intelligence - ADV-16/2018 === WPS Free Office 10.2.0.5978 - NULL DACL grants full access ------------------------------------------------------- Author: - Filipe Xavier Oliveira: filipe.xavier tempest.com.br =====...

Panda Global Security 17.0.1 NULL DACL Grants Full Access

===== Tempest Security Intelligence - ADV-17/2018 === Panda Global Security 17.0.1 - NULL DACL grants full access ------------------------------------------------------- Author: - Filipe Xavier Oliveira: ===== Table of Contents ===================================================== Overview Detail...