PT-2022-17918 · Anaconda3 +1 · Anaconda3 +1

Name of the Vulnerable Software and Affected Versions: Anaconda3 versions through 2021.11.0.0 Miniconda3 versions through 4.11.0.0 Description: The issue allows local users to gain privileges by placing a Trojan horse file into a world-writable directory under %PROGRAMDATA% that is added to the...

Docker Desktop Community Edition Privilege Escalation Vulnerability

Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin...

CVE-2021-40981

ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory...

CVE-2021-40981

ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan horse file in the publicly writable %PROGRAMDATA%\ASUS\GamingCenterLib directory...

Asus Rog Armory Crate 代码问题漏洞

Asus Rog Armory Crate is a one-stop application from Asus China Inc. for connecting, configuring and controlling a vast array of Rog gaming products. A security vulnerability exists in Asus Rog Armory Crate Lite versions prior to 4.2.10, which stems from the software previously allowing local use...

CVE-2021-38085

The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer process, a local attacker can overwrite CNMurGE.dll and, if timed properly, the overwritten DLL will be loaded into a SYSTEM process resulting in escalation of privileges. This...

CVE-2021-34689

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files...

CVE-2021-34689

Affected product: iDrive RemotePC on Windows. Version affected: prior to 7.6.48. Vulnerability type: information disclosure due to a flaw that allows a locally authenticated attacker to read the system’s Personal Key from world-readable log files in %PROGRAMDATA%. Root cause: Personal Key written...

CVE-2021-28098

An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has full permissions...

CVE-2021-28098

An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has full permissions...

Directory traversal

Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory...

PT-2021-11083 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 1.6.0p17 Description: The issue allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%checkmkagentlocal directory. Recommendations: For versions prior to 1.6.0p17, update ...

1E Client 权限许可和访问控制问题漏洞

1E Client is an agent-less endpoint management software from 1E 1E Client USA. A security vulnerability exists in 1E Client versions 5.0.0.745, 4.1.0.267, which originates in the %PROGRAMDATA%1EClient directory that allows remote authenticated and local users to create and modify files in...

Privilege escalation

Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log...

CVE-2020-23968

Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log...

chocolatey Boxstarter has an unspecified vulnerability

chocolatey Boxstarter is a virtual machine management software for installing virtual Windows environments from chocolatey, USA. A security vulnerability exists in Boxstarter installer versions prior to 2.13.0 that originates from configuring C:ProgramDataBoxstarter to be in the system-wide PATH...

CVE-2020-10140

Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths...

PT-2020-14874 · Razer · Razer Chroma Sdk Rest Server

Name of the Vulnerable Software and Affected Versions: Razer Chroma SDK Rest Server versions 3.12.17 and earlier Description: The issue allows remote attackers to execute arbitrary programs due to a race condition. This condition occurs when a file created under "%PROGRAMDATA%Razer ChromaSDKApps"...

CVE-2020-13149

Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allows local authenticated users to overwrite system files and gain escalated privileges. One attack method is to change the Recommended App binary...

Razer Synapse Service 1.0.0 DLL Injection

Discovered by: Juan Sacco Razer Synapse Service v1.0.0 is prone to a DLL Injection because it fails to properly filter user supplied input and loads a .DLL from %ProgramData% from userland with SYSTEM rights allowing to escalate the priveleges from a regular user to SYSTEM rights. Program: Raze...