Julian Horoszkiewicz (Eviden Red Team)

4 exploits Active since Oct 2023
CVE-2024-25376 NOMISEC HIGH WORKING POC
Thesycon Software Solutions Gmbh & Co. KG TUSBAudio <5.68.0 - RCE
An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode.
2 stars
CVSS 7.8
CVE-2023-38041 NOMISEC HIGH WORKING POC
Ivanti Secure Access Client < 22.6 - Authenticated Privilege Escalation via TOCTOU Race Condition
A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system.
2 stars
CVSS 7.0
CVE-2024-35315 NOMISEC MEDIUM WORKING POC
Mitel Micollab < 9.7.1.110 - Code Injection
A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. A successful exploit could allow an attacker to run arbitrary code with elevated privileges.
1 stars
CVSS 5.6
CVE-2023-7016 NOMISEC HIGH WORKING POC
Thales SafeNet Authentication Client < 10.8 R10 - Privilege Escalation to SYSTEM via Local Access
A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access.
1 stars
CVSS 7.8