Hashim Jawad

31 exploits Active since Apr 2018
CVE-2018-25345 EXPLOITDB HIGH python WORKING POC
10-Strike Network Scanner 3.0 Local Buffer Overflow SEH
10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or address field and trigger the vulnerability through the Trace route or System information functions to achieve code execution.
CVSS 8.4
CVE-2018-25344 EXPLOITDB HIGH python WORKING POC
10-Strike Network Inventory Explorer 8.54 Buffer Overflow SEH
10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering a structured exception handler overwrite. Attackers can craft a malicious registration key string with 4188 bytes of padding followed by SEH chain values and shellcode, then paste it into the registration dialog to achieve code execution with application privileges.
CVSS 8.4
CVE-2018-18435 WRITEUP HIGH WRITEUP
kioware_server < 4.9.6 - Unauthenticated Privilege Escalation via Weak Directory Permissions
KioWare Server version 4.9.6 and older installs by default to "C:\kioware_com" with weak folder permissions granting any user full permission "Everyone: (F)" to the contents of the directory and it's sub-folders. In addition, the program installs a service called "KWSService" which runs as "Localsystem", this will allow any user to escalate privileges to "NT AUTHORITY\SYSTEM" by substituting the service's binary with a malicious one.
CVSS 7.8
CVE-2019-18845 WRITEUP HIGH WRITEUP
Patriot Viper RGB <1.1 - Memory Corruption
The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection.
CVSS 7.1
CVE-2020-10665 WRITEUP MEDIUM WRITEUP
Docker Desktop <2.1.0.9-2.2.2.0 - Privilege Escalation
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0.
CVSS 6.7
CVE-2020-12446 WRITEUP HIGH WRITEUP
G.SKILL Trident Z Lighting Control <1.00.08 - Privilege Escalation
The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register (MSR) registers, and input from and output to I/O ports to local non-privileged users. This leads to privilege escalation to NT AUTHORITY\SYSTEM.
CVSS 7.8
CVE-2018-25313 EXPLOITDB MEDIUM python WORKING POC
SysGauge 4.5.18 Local Denial of Service via Proxy Configuration
SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy configuration handler that allows local attackers to cause a denial of service by supplying an oversized string. Attackers can inject a large payload through the Proxy Server Host Name field in the Options menu to crash the application.
CVSS 6.2
CVE-2018-25307 EXPLOITDB HIGH python WORKING POC
SysGauge Pro 4.6.12 Local Buffer Overflow SEH
SysGauge Pro 4.6.12 contains a local buffer overflow vulnerability in the Register function that allows local attackers to overwrite the structured exception handler by supplying a crafted unlock key. Attackers can inject shellcode through the Unlock Key field during registration to execute arbitrary code with application privileges.
CVSS 8.4
CVE-2019-11351 WRITEUP HIGH WRITEUP
TeamSpeak < 3.2.5 - Remote Code Execution via Untrusted Search Path
TeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt framework.
CVSS 8.8
CVE-2019-12133 WRITEUP HIGH WRITEUP
Multiple Zoho ManageEngine products - Privilege Escalation
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.
CVSS 7.8
CVE-2019-12569 WRITEUP HIGH WRITEUP
Viber < 10.7.0 - Untrusted Search Path via Application URI Handler
A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user, if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.
CVSS 7.8
CVE-2019-13035 WRITEUP HIGH WRITEUP
Pandora FMS < 7.0_ng_735 - Local Privilege Escalation via Improper Directory Permissions
Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the current directory) as NT AUTHORITY\SYSTEM upon web requests to the portal. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM.
CVSS 7.8
CVE-2019-14969 WRITEUP HIGH WRITEUP
Netwrix Auditor < 9.8 - Unauthenticated DLL Hijacking via Insecure Log Directory Permissions
Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. In addition, the service Netwrix.ADA.StorageAuditService (which writes to that directory) does not perform proper impersonation, and thus the target file will have the same permissions as the invoking process (in this case, granting Authenticated Users full access over the target file). This vulnerability can be triggered by a low-privileged user to perform DLL Hijacking/Binary Planting attacks and ultimately execute code as NT AUTHORITY\SYSTEM with the help of Symbolic Links.
CVSS 7.8
CVE-2019-5701 WRITEUP HIGH WRITEUP
NVIDIA GeForce Experience < 3.20.0.118 - Uncontrolled Search Path Element via GameStream DLL Loading
NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution.
CVSS 7.8
CVE-2019-9546 WRITEUP CRITICAL WRITEUP
SolarWinds Orion <2018.4-0 - Privilege Escalation
SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.
CVSS 9.8
CVE-2020-15351 WRITEUP HIGH WRITEUP
IDrive <6.7.3.19 - Privilege Escalation
IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES(X86)%\IDriveWindows with weak folder permissions granting any user modify permission (i.e., NT AUTHORITY\Authenticated Users:(OI)(CI)(M)) to the contents of the directory and its sub-folders. In addition, the program installs a service called IDriveService that runs as LocalSystem. Thus, any standard user can escalate privileges to NT AUTHORITY\SYSTEM by substituting the service's binary with a malicious one.
CVSS 7.8
CVE-2020-15932 WRITEUP HIGH WRITEUP
Overwolf < 0.149.2.30 - Privilege Escalation via Symbolic Link Mishandling
Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges.
CVSS 8.8
CVE-2020-8808 WRITEUP HIGH WRITEUP
CORSAIR iCUE <3.25.60 - Memory Corruption
The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE before 3.25.60 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary physical memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, via a function call such as MmMapIoSpace.
CVSS 7.8
CVE-2021-33436 WRITEUP HIGH WRITEUP
NoMachine for Windows <6.15.1,7.5.2 - Privilege Escalation
NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM.
CVSS 7.3
EIP-2026-119507 EXPLOITDB python WORKING POC
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH)
EIP-2026-119470 EXPLOITDB text WORKING POC
FTPShell Server 6.80 - Denial of Service
CVE-2018-17776 EXPLOITDB HIGH text WORKING POC
PCProtect Anti-Virus <4.8.35 - Privilege Escalation
PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for %PROGRAMFILES(X86)%\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
CVSS 7.8
EIP-2026-119553 EXPLOITDB python WORKING POC
R 3.4.4 - Local Buffer Overflow (DEP Bypass)
CVE-2018-9059 EXPLOITDB CRITICAL python WORKING POC
Easy File Sharing Web Server 7.2 - Remote Code Execution via Malicious Login Request
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp. NOTE: this may overlap CVE-2014-3791.
CVSS 9.8
CVE-2018-17775 EXPLOITDB HIGH text WORKING POC
Seqrite End Point Security <7.4 - Privilege Escalation
Seqrite End Point Security v7.4 has "Everyone: (F)" permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
CVSS 7.8