Hashim Jawad

27 exploits Active since Apr 2018
CVE-2018-25313 EXPLOITDB MEDIUM python WORKING POC
SysGauge 4.5.18 Local Denial of Service via Proxy Configuration
SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy configuration handler that allows local attackers to cause a denial of service by supplying an oversized string. Attackers can inject a large payload through the Proxy Server Host Name field in the Options menu to crash the application.
CVSS 6.2
CVE-2018-25307 EXPLOITDB HIGH python WORKING POC
SysGauge Pro 4.6.12 Local Buffer Overflow SEH
SysGauge Pro 4.6.12 contains a local buffer overflow vulnerability in the Register function that allows local attackers to overwrite the structured exception handler by supplying a crafted unlock key. Attackers can inject shellcode through the Unlock Key field during registration to execute arbitrary code with application privileges.
CVSS 8.4
CVE-2019-11351 WRITEUP HIGH WRITEUP
TeamSpeak 3 Client <3.2.5 - RCE
TeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt framework.
CVSS 8.8
CVE-2019-12133 WRITEUP HIGH WRITEUP
Multiple Zoho ManageEngine products - Privilege Escalation
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.
CVSS 7.8
CVE-2019-12569 WRITEUP HIGH WRITEUP
Rakuten Viber < 10.7.0 - Untrusted Search Path
A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user, if the attacker can place a crafted library in a directory that is accessible to the vulnerable system.
CVSS 7.8
CVE-2019-13035 WRITEUP HIGH WRITEUP
Pandorafms Pandora Fms < 7.0_ng_735 - Privilege Escalation
Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the current directory) as NT AUTHORITY\SYSTEM upon web requests to the portal. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM.
CVSS 7.8
CVE-2019-14969 WRITEUP HIGH WRITEUP
Netwrix Auditor < 9.8 - Incorrect Permission Assignment
Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. In addition, the service Netwrix.ADA.StorageAuditService (which writes to that directory) does not perform proper impersonation, and thus the target file will have the same permissions as the invoking process (in this case, granting Authenticated Users full access over the target file). This vulnerability can be triggered by a low-privileged user to perform DLL Hijacking/Binary Planting attacks and ultimately execute code as NT AUTHORITY\SYSTEM with the help of Symbolic Links.
CVSS 7.8
CVE-2019-5701 WRITEUP HIGH WRITEUP
Nvidia Geforce Experience < 3.20.0.118 - Uncontrolled Search Path
NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains a vulnerability when GameStream is enabled in which an attacker with local system access can load the Intel graphics driver DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), which may lead to denial of service, information disclosure, or escalation of privileges through code execution.
CVSS 7.8
CVE-2019-9546 WRITEUP CRITICAL WRITEUP
SolarWinds Orion <2018.4-0 - Privilege Escalation
SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.
CVSS 9.8
CVE-2020-15351 WRITEUP HIGH WRITEUP
IDrive <6.7.3.19 - Privilege Escalation
IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES(X86)%\IDriveWindows with weak folder permissions granting any user modify permission (i.e., NT AUTHORITY\Authenticated Users:(OI)(CI)(M)) to the contents of the directory and its sub-folders. In addition, the program installs a service called IDriveService that runs as LocalSystem. Thus, any standard user can escalate privileges to NT AUTHORITY\SYSTEM by substituting the service's binary with a malicious one.
CVSS 7.8
CVE-2020-15932 WRITEUP HIGH WRITEUP
Overwolf < 0.149.2.30 - Symlink Following
Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges.
CVSS 8.8
CVE-2020-8808 WRITEUP HIGH WRITEUP
CORSAIR iCUE <3.25.60 - Memory Corruption
The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE before 3.25.60 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary physical memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, via a function call such as MmMapIoSpace.
CVSS 7.8
CVE-2021-33436 WRITEUP HIGH WRITEUP
NoMachine for Windows <6.15.1,7.5.2 - Privilege Escalation
NoMachine for Windows prior to versions 6.15.1 and 7.5.2 suffers from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM.
CVSS 7.3
CVE-2018-17776 EXPLOITDB HIGH text WORKING POC
PCProtect Anti-Virus <4.8.35 - Privilege Escalation
PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for %PROGRAMFILES(X86)%\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
CVSS 7.8
EIP-2026-119470 EXPLOITDB text WORKING POC
FTPShell Server 6.80 - Denial of Service
EIP-2026-119506 EXPLOITDB python WORKING POC
10-Strike Network Inventory Explorer 8.54 - 'Registration Key' Buffer Overflow (SEH)
EIP-2026-119507 EXPLOITDB python WORKING POC
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH)
EIP-2026-119508 EXPLOITDB python WORKING POC
10-Strike Network Scanner 3.0 - Local Buffer Overflow (SEH)
EIP-2026-119553 EXPLOITDB python WORKING POC
R 3.4.4 - Local Buffer Overflow (DEP Bypass)
CVE-2018-9059 EXPLOITDB CRITICAL python WORKING POC
Sharing-file Easy File Sharing Web Server - Memory Corruption
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp. NOTE: this may overlap CVE-2014-3791.
CVSS 9.8
CVE-2018-16302 EXPLOITDB HIGH python WORKING POC
Mc1soft Zip-n-go < 4.95 - Memory Corruption
MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted file.
CVSS 7.8
CVE-2018-17775 EXPLOITDB HIGH text WORKING POC
Seqrite End Point Security <7.4 - Privilege Escalation
Seqrite End Point Security v7.4 has "Everyone: (F)" permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
CVSS 7.8
CVE-2018-18435 EXPLOITDB HIGH text WRITEUP
Kioware Server < 4.9.6 - Incorrect Permission Assignment
KioWare Server version 4.9.6 and older installs by default to "C:\kioware_com" with weak folder permissions granting any user full permission "Everyone: (F)" to the contents of the directory and its sub-folders. In addition, the program installs a service called "KWSService" which runs as "Localsystem"; this will allow any user to escalate privileges to "NT AUTHORITY\SYSTEM" by substituting the service's binary with a malicious one.
CVSS 7.8
EIP-2026-117091 EXPLOITDB python WORKING POC
Easy CD DVD Copy 1.3.24 - Local Buffer Overflow (SEH)
EIP-2026-117218 EXPLOITDB python WORKING POC
FTPShell Server 6.80 - Buffer Overflow (SEH)