832 matches found
CVE-2017-12312
An untrusted search path aka DLL Preloading vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory wher...
CVE-2017-12636
CouchDB administrative users can configure the database server via HTTPS. Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitra...
Trello: CSV injection [N/A]
Hello, We can inject commands in the name field of a board =210 or =cmd|'/C calc'!AO for example, and when it's exported to CSV it will be evaluated to 20 in the corresponding cell, this enables an attacker to spread malware and execute system level commands on a victim's machine if the victim...
Windows KEPT remote code execution vulnerability analysis(CVE-2017-11779)
根据 Microsoft 安全通告,多个版本 Windows 中的 DNSAPI.dll 在处理 DNS response 时可导致 SYSTEM 权限 RCE。 以 DNS Client API DLL 10.0.15063.0 与 10.0.15063.674 为例,补丁对比, 可知漏洞存在于 DNSAPI.dll 中的 Nsec3RecordRead 函数,那么可以确定问题就是出在解析 DNS response 的 NSEC3 Resource record,为了构造 PoC,先得了解这个 "NSEC3" 的背景。首先,DNS 协议数据结构如下图所示, 例如,当访问...
Microsoft Windows Submenu Use-After-Free Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing o...
CVE-2017-3746
ThinkPad USB 3.0 Ethernet Adapter part number 4X90E51405 driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges...
Microsoft Windows CLFS Driver Buffer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Common Log...
This is How CIA Disables Security Cameras During Hollywood-Style Operations
In last 20 years, we have seen hundreds of caper/heist movies where spies or bank robbers hijack surveillance cameras of secure premises to either stop recording or set up an endless loop for covert operations without leaving any evidence. Whenever I see such scenes in a movie, I wonder and ask...
(Pwn2Own) Microsoft Windows Palette Object Use-After-Free Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...
Cisco Web Security Appliance Authenticated Command Injection and Privilege Escalation Vulnerability
A vulnerability in the CLI parser of the Cisco Web Security Appliance WSA could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. The vulnerability is due...
(Pwn2Own) Microsoft Windows PlgBlt Integer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementati...
(Pwn2Own) Microsoft Windows CLFS Driver Uninitialized Memory Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Common Log...
(Pwn2Own) Microsoft Windows basicrender WarpKMEscape Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
(Pwn2Own) Microsoft Windows WarpKMSubmitCommandVirtual Uninitialized Memory Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within BasicRender.sys,...
(Pwn2Own) Microsoft Windows NtUserLinkDpiCursor Use-After-Free Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...
(Pwn2Own) Microsoft Windows TdxCreateTransportAddress Buffer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the tdx.sys...
(Pwn2Own) Microsoft Windows NtUserLinkDpiCursor Use-After-Free Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...
CVE-2017-6640
A vulnerability in Cisco Prime Data Center Network Manager DCNM Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges...
Cisco Prime Data Center Network Manager Server Static Credential Vulnerability
A vulnerability in Cisco Prime Data Center Network Manager DCNM Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges...
CVE-2015-7888
Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. dot dot in the name of a file, compressed into a zipped file named cred.zip, and downloaded ...