CVE Number | Type | Company/Product | Description | Article Link | Repository Link |
---|---|---|---|---|---|
CVE-2024-38030 | Spoofing | Microsoft Themes | Security bypass for the patch of CVE-2024-21320 | N/A | N/A |
CVE-2024-21320 | Spoofing | Microsoft Themes | Specially crafted themes file allows attackers to spoof their identity, more details soon. | https://www.akamai.com/blog/security-research/2024/mar/leaking-ntlm-credentials-through-windows-themes | https://github.com/tomerpeled92/CVE/blob/main/CVE-2024-21320 |
CVE-2023-5528 | RCE | Kubernetes < 1.28.4 | Unsanitized input in kuberentes in-tree plugin allows for a command injection and RCE over all windows nodes in a cluster with SYSTEM privileges | https://www.akamai.com/blog/security-research/kubernetes-local-volumes-command-injection-vulnerability-rce-system-privileges | https://github.com/tomerpeled92/CVE/blob/main/CVE-2023-5528 |
CVE-2023-3676 | RCE | Kubernetes < 1.28 | Unsanitized input in kuberentes subPath feature allows for a command injection and RCE over all windows nodes in a cluster with SYSTEM privileges | https://www.akamai.com/blog/security-research/kubernetes-critical-vulnerability-command-injection | https://github.com/tomerpeled92/CVE/blob/main/CVE-2023-3676/ |
CVE-2023-31462 | LPE | SteelSeriesGG < 39 | Attackers can modify SteelSeriesGG database to execute malicious code in admin context | https://www.akamai.com/blog/security-research/exploit-steelseries-subapp-privilege-escalation | |
CVE-2023-31461 | LPE | SteelSeriesGG < 39 | Attackers can send packets to SteelSeriesGG API that will lead to malicious code execution in admin context | https://www.akamai.com/blog/security-research/exploit-steelseries-subapp-privilege-escalation | |
CVE-2022-34689 | Spoofing | Windows/Chrome | This vulnerability was discovered by the NSA and NCSC, Me and my coleague analyzed this vulnerability and exploited it | https://www.akamai.com/blog/security-research/exploiting-critical-spoofing-vulnerability-microsoft-cryptoapi | https://github.com/tomerpeled92/CVE/tree/main/CVE-2022-34689 |
CVE-2022-35200 | DoS | not published | |||
CVE-2022-35199 | DoS | not published | |||
CVE-2022-24562 | RCE | IObit/IOTransfer | an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution | https://medium.com/@tomerp_77017/exploiting-iotransfer-insecure-api-cve-2022-24562-a2c4a3f9149d | https://github.com/tomerpeled92/CVE/tree/main/CVE-2022%E2%80%9324562 |
CVE-2022-24141 | LM | IObit/Itop VPN | Lateral Movment with named pipes | N/A | https://github.com/tomerpeled92/CVE/tree/main/CVE-2022-24141 |
CVE-2022-24140 | MITM | IObit/Various | MITM attack can lead to code execution | N/A | https://github.com/tomerpeled92/CVE/tree/main/CVE-2022-24140 |
CVE-2022-24139 | LM | IObit/Advanced System Care | Lateral Movment with named pipes | N/A | https://github.com/tomerpeled92/CVE/tree/main/CVE-2022-24139 |
CVE-2022-24138 | LPE | IObit/Advanced System Care | writing update files to insecure location on PC can lead to LPE | N/A | https://github.com/tomerpeled92/CVE/tree/main/CVE-2022-24138 |
CVE-2021-44596 | RCE | Wondershare/Dr. Fone | Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges | https://medium.com/@tomerp_77017/wondershell-a82372914f26 | https://github.com/netanelc305/WonderShell |
CVE-2021-44595 | RCE | Wondershare/Dr. Fone | Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges. | https://medium.com/@tomerp_77017/wondershell-a82372914f26 | https://github.com/netanelc305/WonderShell |
CVE-2021-42835 | LPE | Plex/Plex Media Server | An attacker (with a foothold in a endpoint via a low-privileged user account) can access the exposed RPC service of the update service component. This RPC functionality allows the attacker to interact with the RPC functionality and execute code from a path of his choice (local, or remote via SMB) because of a TOCTOU race condition. This code execution is in the context of the Plex update service (which runs as SYSTEM). | https://ir-on.io/2021/12/02/local-privilege-plexcalation/ | https://github.com/netanelc305/PlEXcalaison |
CVE-2021–41067 | LPE | Bopsoft/Listary | Improper implementation of the update process leads to the download of software updates with a /check-update HTTP-based connection. This can be exploited with MITM techniques. Together with the lack of package validation, it can lead to manipulation of update packages that can cause an installation of malicious content. | https://medium.com/@tomerp_77017/exploiting-listary-searching-your-way-to-system-privileges-8175af676c3e | N/A |
CVE-2021–41066 | LPE | Bopsoft/Listary | When Listary is configured as admin, Listary will not ask for permissions again if a user tries to access files on the system from Listary itself (it will bypass UAC protection; there is no privilege validation of the current user that runs via Listary). | https://medium.com/@tomerp_77017/exploiting-listary-searching-your-way-to-system-privileges-8175af676c3e | N/A |
CVE-2021–41065 | LPE | Bopsoft/Listary | An attacker can create a \.\pipe\Listary.listaryService named pipe and wait for a privileged user to open a session on the Listary installed host. Listary will automatically access the named pipe and the attacker will be able to duplicate the victim's token to impersonate him. This exploit is valid in certain Windows versions (Microsoft has patched the issue in later Windows 10 builds). | https://medium.com/@tomerp_77017/exploiting-listary-searching-your-way-to-system-privileges-8175af676c3e | N/A |
cve's Introduction
cve's People
Forkers
ilk-999cve's Issues
How You Reported Vulnerability to IOBIT ?
Hello i Just Wanted to Know How You Have Reported Vulnerabilities to IOBIT, Because i Couldn't Find any Email or Bug Report Platform From IOBIT ? Or Did You Just First Requested CVE for These Vulnerabilities ?
Waiting for Your Response
Cannot Reproduce CVE-2022-24139
After downloading Advanced Systemcare Free 15.0.1.125, I installed it into VM of Windows 10 1709.
The following are the steps I try to reproduce the vulnerability.
sc stop AdvancedSystemCareService15
to make the software close the named pipe handledatastate_ASCService_{5D4587BA-EA2D-478C-9A83-A9A54A908AEA}
.- Create a malicious named pipe with the same name
datastate_ASCService_{5D4587BA-EA2D-478C-9A83-A9A54A908AEA}
and wait for the connection to impersonate. sc start AdvancedSystemCareService15
to trigger the vulnerability.
However, I always get an error ERROR_CANNOT_IMPERSONATE
(1368) while calling ImpersonateNamedPipeClient
.
Did I miss anything?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.