Ronnie Salomonsen

21 exploits Active since Oct 2021
CVE-2021-25657 WRITEUP HIGH WRITEUP
Avaya IP Office < 11.1 - Improper Privilege Management
A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions.
CVSS 7.8
CVE-2021-27765 WRITEUP MEDIUM WRITEUP
BigFix Server API - Privilege Escalation
The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.
CVSS 6.7
CVE-2021-27766 WRITEUP MEDIUM WRITEUP
BigFix Client - Privilege Escalation
The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.
CVSS 6.7
CVE-2021-27767 WRITEUP MEDIUM WRITEUP
BigFix Console - Privilege Escalation
The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.
CVSS 6.7
CVE-2021-30359 WRITEUP HIGH WRITEUP
Harmony Browse & SandBlast Agent <90.08.7405 - Privilege Escalation
The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair their installation, an attacker running an installer before 90.08.7405 can start the installation repair and place a specially crafted binary in the repair folder, which runs with the admin privileges.
CVSS 7.8
CVE-2021-30360 WRITEUP HIGH WRITEUP
Check Point Remote Access Client - Code Injection
Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges.
CVSS 7.8
CVE-2021-41526 WRITEUP HIGH WRITEUP
Flexera Revenera Installshield < 2021 - Privilege Escalation
A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action.
CVSS 7.8
CVE-2021-41988 WRITEUP HIGH WRITEUP
Qlik Nprinting Designer < 21.14.3.0 - Exposure to Wrong Actor
Qlik NPrinting Designer through 21.14.3.0 creates a Temporary File in a Directory with Insecure Permissions.
CVSS 7.8
CVE-2021-41989 WRITEUP HIGH WRITEUP
Qlikview < 12.60.20100.0 - Exposure to Wrong Actor
Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Directory with Insecure Permissions.
CVSS 7.8
CVE-2021-42254 WRITEUP HIGH WRITEUP
Beyondtrust Privilege Management For Windows - Exposure to Wrong Actor
BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions.
CVSS 7.8
CVE-2021-42255 WRITEUP HIGH WRITEUP
Blueplanet-works Appguard < 6.7.100.1 - Exposure to Wrong Actor
AppGuard Enterprise before 6.7.100.1 creates a Temporary File in a Directory with Insecure Permissions. Local users can gain SYSTEM privileges because a repair operation relies on the %TEMP% directory of an unprivileged user.
CVSS 7.8
CVE-2021-42711 WRITEUP HIGH WRITEUP
Barracuda Network Access Client - Incorrect Default Permissions
Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. This file is executed with SYSTEM privileges when an unprivileged user performs a repair operation.
CVSS 7.8
CVE-2021-42712 WRITEUP HIGH WRITEUP
Splashtop Streamer < 3.5.0.0 - Exposure to Wrong Actor
Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions.
CVSS 7.8
CVE-2021-42713 WRITEUP HIGH WRITEUP
Splashtop < 3.4.8.4 - Exposure to Wrong Actor
Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a Temporary File in a Directory with Insecure Permissions.
CVSS 7.8
CVE-2021-42714 WRITEUP HIGH WRITEUP
Splashtop < 3.5.0.0 - Exposure to Wrong Actor
Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions.
CVSS 7.8
CVE-2021-42810 WRITEUP HIGH WRITEUP
Product < Previous - Privilege Escalation
A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is installed.
CVSS 7.8
CVE-2022-21558 WRITEUP HIGH WRITEUP
Oracle Crystal Ball <11.1.2.4.900 - Low Privilege Compromise
Vulnerability in the Oracle Crystal Ball product of Oracle Construction and Engineering (component: Installation). Supported versions that are affected are 11.1.2.0.000-11.1.2.4.900. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Crystal Ball executes to compromise Oracle Crystal Ball. While the vulnerability is in Oracle Crystal Ball, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Crystal Ball. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).
CVSS 7.8
CVE-2022-22187 WRITEUP HIGH WRITEUP
Juniper Identity Management Service < 1.4.0 - Improper Privilege Management
An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repair operation. Running a repair operation, in turn, will trigger a number of file operations in the %TEMP% folder of the user triggering the repair. Some of these operations will be performed from a SYSTEM context (started via the Windows Installer service), including the execution of temporary files. An attacker may be able to provide malicious binaries to the Windows Installer, which will be executed with high privilege, leading to a local privilege escalation. This issue affects Juniper Networks Juniper Identity Management Service (JIMS) versions prior to 1.4.0.
CVSS 7.8
CVE-2022-34827 WRITEUP CRITICAL WRITEUP
Carel Boss Mini Firmware - Improper Access Control
Carel Boss Mini 1.5.0 has Improper Access Control.
CVSS 9.9
CVE-2023-26077 WRITEUP HIGH WRITEUP
Atera Agent <1.8.3.6 - Path Traversal
Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions.
CVSS 7.8
CVE-2023-26078 WRITEUP HIGH WRITEUP
Atera Agent <1.8.4.4 - Privilege Escalation
Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs.
CVSS 7.8