G DATA TOTAL SECURITY version 25.4.0.3 suffers from an active-x buffer overflow vulnerability.
a4a9b35e2dd08d915f0c7853b6318dcc7ae9080e1e6d5e6db10980d7390b81e0A vulnerability allows local attackers to escalate privilege on TotalAV versions 4.1.7 through 4.6.19 because of weak "C:\Program Files\TotalAV" permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM.
7ddb47fa9650b8d0c8373db8166f2ded014751591383842dbb2ccdcaaeebaa73In MicroWorld eScan Internet Security Suite (ISS) for Business version 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a denial of service (BSOD).
8b95bb49aed9a1a93908ec4399e0088c6836bf8eba34be94d0cccbce2da183dbPanda Global Security version 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through the use of an insecurely created named pipe.
3d04c6e271055eec4d1aa92ac83833674c1a67f99b109e56f8a5e20b0657c1bbWPS Free Office version 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through the use of an insecurely created named pipe.
c726a3ffc2e0ebcee4706b8c4cc4efd98cbc07f06fc328c4119cc99a075637d8Panda Global Security version 17.0.1 suffers from an unquoted service path vulnerability.
a37401042aaaf5b89120d5341ecc73667a314c3f1c2710299cdb63084dbc6730BitDefender Total Security 2018 suffers from an insecure pipe permissions vulnerability.
5b0a04c6449fd3adc498761971bf2ed128212f0cd92b50399240823900c8701c10-Strike Network Monitor version 5.4 suffers from an unquoted service path vulnerability.
8dfa49d5016d1165f8756d8212657613e17b3e5bd6375e9110fc70ff67d13c79Hola VPN version 1.79.859 suffers from an insecure service permission vulnerability.
97d50e71ec932cfebd95d3d91e748263c0691d6267fea62ef47606869a2527c5Rapid Scada version 5.5.0 suffers from an insecure permission vulnerability.
f8015ce3acb7acf63bc94d7778e2d496db64e347752ff5ebb6255b75fa67345aTempest Security Intelligence ADV-12/2018 - A buffer overflow in Handy Password version 4.9.3 allows remote attackers to execute arbitrary code via a long "Title name" field in "mail box" data that is mishandled in an "Open from mail box" action.
db96f47d41838f40dfa6cda2444fb26a4a9d7ba6c7446485d9dce39966d6cd9bSync Breeze version 10.1.16 is vulnerable to a buffer overflow vulnerability, which can be exploited remotely or locally to achieve arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" path of the application.
59c9d2495edf8a0486ff788f422643c727583429a515dece3fc0fe22ccb5eba7Tempest Security Intelligence Advisory ADV-6/2016 - Telegram Desktop version 0.10.1 is vulnerable to dll hijacking as it tries to load "COMBASE.dll" without supplying the absolute path, thus relying upon the presence of such dll on the system directory.
e47664662cafc2ec11e3eea85f3d940c28492e1009a62c09a53bbd4e8e502455Tempest Security Intelligence Advisory ADV-8/2016 - Akamai Netsession 1.9.3.1 is vulnerable to dll hijacking as it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned dll is missing from its installation. Thus making it possible to hijack the dll and subsequently inject code within the Akamai NetSession process space.
3dedecb489ed5a0d9fc62c3d0f0b03779be049ff0c99d1d773806ff026f848c7Tempest Security Intelligence Advisory ADV-7/2016 - Audacity version 2.1.2 is vulnerable to dll hijacking as it tries to load avformat-55.dll without supplying the absolute path, thus relying upon the presence of such dll on the system directory. This behavior results in an exploitable dll hijacking vulnerability, even if the SafeDllSerchMode flag is enabled.
40d084801ba07dda72838efafa5dcf50fc384632d13c75c174d64d1ab807aa8a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed