📄 Microsoft Windows 11 build 10.0.27898.1000 Local Privilege Escalation

Proof of concept exploit designed to test a potential local privilege escalation vulnerability in Windows, specifically targeting a feature called AiRegistrySync. It checks if modifications made by a standard user in their own Registry profile can be automatically synchronized propagated into the...

📄 Microsoft Windows 11 Build 10.0.22631.6199 Registry Vulnerability Testing Tool

This is a C/C++ proof-of-concept PoC program designed to test for a specific vulnerability within the Windows Registry handling mechanism, often related to key duplication or improper permission checks during certain API calls like RegCopyTreeW...

EUVD-2011-0063

Malware in sbrugna...

PT-2025-31114 · Unknown · User Registry

Name of the Vulnerable Software and Affected Versions: Versions prior to 25.4.270.0 Description: A local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability ...

CVE-2023-48387

TAIWAN-CATWCA JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool and has completed identity verification, if the user browses a malicious webpage created by an...

CVE-2022-24934

wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEYCURRENTUSER in the registry...

VulnCheck KEV: CVE-2022-24934

wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEYCURRENTUSER in the registry...

Information disclosure

IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recepient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member of an API provider...

CVE-2021-20440

IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration to the intended recepient. An attacker who is a valid user in the user registry used by API Manager can use a stolen invitation link and register themselves as a member of an API provider...

Security Bulletin: User passwords might be obtained by a brute force attack on IBM® Intelligent Operations Center (CVE-2019-4067)

Summary If your IBM® Intelligent Operations Center system is configured to use a Lightweight Directory Access Protocol LDAP user registry, user passwords might be obtained by a brute force attack that uses HTTP basic authentication requests to IBM Intelligent Operations Center. Vulnerability...

CVE-2019-4155

IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect OIDC user registry. IBM X-Force ID: 158544...

CVE-2019-4155

IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect OIDC user registry. IBM X-Force ID: 158544...

Privilege escalation

IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect OIDC user registry. IBM X-Force ID: 158544...

CVE-2019-4155

IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect OIDC user registry. IBM X-Force ID: 158544...

Security Bulletin: IBM API Connect's Developer Portal is impacted by a privilege escalation vulnerability (CVE-2019-4155)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-4155 DESCRIPTION: IBM API Connect's Developer Portal is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect OIDC user registry. CVSS Base Score: 8.8 CVSS...

Security Bulletin: privilege escalation in IBM Business Process Manager (BPM) - CVE-2017-1539

Summary Synchronization between the user registry and the IBM BPM database lead to invalid memberships in case there is an internal group in the IBM BPM database and a group in the user registry with the same name. Vulnerability Details CVEID: CVE-2017-1539 DESCRIPTION: IBM Business Process Manag...

Security Bulletin:Vulnerability in OpenSSL affects IBM PureApplication System. (CVE-2015-1788)

Summary An OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. IBM PureApplication System uses GSKit in user registry components in the Web application pattern type and GPFS pattern type. IBM PureApplication System addressed the applicable CVE. Vulnerability...

Creating a Mandatory Profile Recipe

Windows profiles include the user registry and the file system under c:\users%username%. Windows profiles are where application vendors store setting information particular to a user. What is stored here can be anything the vendors need to store for their applications to work. Many application ru...

shopex the latest version front an unexpected SQL injection vulnerability-vulnerability warning-the black bar safety net

shopex code The core of the place to do the encryption process, to find loopholes just need a little imagination, such as thisSQL injection... Exists in the user registrycan't think of the location? /core/shop/controller/ctl.passport.php 2 6 7 row if !$ info = $account-create$POST,$message ... 2...

CVE-2011-1683

IBM WebSphere Application Server WAS 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors...