Lucene search
K

76 matches found

Packet Storm
Packet Storm
added 2020/02/05 12:0 a.m.108 views

Windscribe WindscribeService Named Pipe Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windscribe WindscribeService Named Pipe Privilege Escalation', 'Description' = %q The Windscribe VPN client application for Windows makes use of ...

7.2CVSS0.1AI score0.09905EPSS
Exploits4
0day.today
0day.today
added 2020/02/05 12:0 a.m.207 views

Windscribe VPN WindscribeService Named Pipe Privilege Escalation Exploit

The Windscribe VPN client application for Windows makes use of a Windows service WindscribeService.exe which exposes a named pipe \.\pipe\WindscribeService allowing execution of programs with elevated privileges. Windscribe versions prior to 1.82 do not validate user-supplied program names,...

7.8CVSS0.5AI score0.09905EPSS
Exploits4
Metasploit
Metasploit
added 2020/02/01 12:41 a.m.41 views

Windscribe WindscribeService Named Pipe Privilege Escalation

The Windscribe VPN client application for Windows makes use of a Windows service WindscribeService.exe which exposes a named pipe \.\pipe\WindscribeService allowing execution of programs with elevated privileges. Windscribe versions prior to 1.82 do not validate user-supplied program names,...

7.8CVSS7.4AI score0.09905EPSS
Exploits4
NVD
NVD
added 2018/05/25 7:29 p.m.39 views

CVE-2018-11479

The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processe...

7.8CVSS7.7AI score0.09905EPSS
Exploits4References2
OSV
OSV
added 2018/05/25 7:29 p.m.3 views

CVE-2018-11479

The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processe...

7.8CVSS5.8AI score0.09905EPSS
Exploits4References2
Prion
Prion
added 2018/05/25 7:29 p.m.17 views

Code injection

The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processe...

7.2CVSS7.7AI score0.09905EPSS
Exploits4References2Affected Software1
CVE
CVE
added 2018/05/25 7:0 p.m.94 views

CVE-2018-11479

CVE-2018-11479 affects Windscribe for Windows. WindscribeService.exe creates the .\us WindscribeService named pipe and does not validate the program name before CreateProcess, enabling an attacker to execute arbitrary commands with SYSTEM privileges via the pipe. Public details in connected docs...

7.8CVSS7.6AI score0.09905EPSS
Exploits4References2Affected Software1
Cvelist
Cvelist
added 2018/05/25 7:0 p.m.32 views

CVE-2018-11479

The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processe...

7.7AI score0.09905EPSS
Exploits4References2
Packet Storm
Packet Storm
added 2018/05/25 12:0 a.m.35 views

Windscribe 1.81 Code Execution

Vulnerability description: The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVP...

7.4AI score
Exploits0
CNVD
CNVD
added 2018/05/25 12:0 a.m.4 views

WindScribe Denial of Service Vulnerability

WindScribe is a suite of VPN software for anonymously connecting to the Internet. A security vulnerability exists in WindScribe version 1.81. An attacker can exploit this vulnerability with the help of \pipe\WindscribeService URL to gain access or cause a denial of service. \pipe\WindscribeServic...

7.8CVSS7AI score0.00325EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2018/05/25 12:0 a.m.7 views

PT-2018-10598 · Windscribe +1 · Windscribe +1

Name of the Vulnerable Software and Affected Versions: Windscribe version 1.81 Description: The issue concerns the VPN component in Windscribe, which uses the OpenVPN client and creates a system process named WindScribeService.exe. This process establishes a named pipe endpoint,...

7.8CVSS7.5AI score0.09905EPSS
Exploits4References7
Prion
Prion
added 2018/05/23 12:29 p.m.13 views

Design/Logic Flaw

Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \.\pipe\WindscribeService...

4.6CVSS7.6AI score0.00325EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/05/23 12:29 p.m.16 views

CVE-2018-11334

Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \.\pipe\WindscribeService...

7.8CVSS7.7AI score0.00325EPSS
Exploits0References2
OSV
OSV
added 2018/05/23 12:29 p.m.4 views

CVE-2018-11334

Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \.\pipe\WindscribeService...

7.8CVSS5.8AI score0.00325EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/05/23 12:0 p.m.20 views

CVE-2018-11334

Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \.\pipe\WindscribeService...

7.7AI score0.00325EPSS
Exploits0References1
CVE
CVE
added 2018/05/23 12:0 p.m.45 views

CVE-2018-11334

Windscribe 1.81 contains a vulnerability where a named pipe (\.\pipe\WindscribeService) is created with a NULL DACL, allowing Everyone to gain privileges or cause a denial of service. This is a local issue stemming from an overly permissive named pipe ACL, enabling privilege escalation or disrupt...

7.8CVSS7.6AI score0.00325EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder