SecureAuth

7 exploits Active since Oct 2018
CVE-2019-3474 EXPLOITDB MEDIUM text WORKING POC
Micro Focus Filr 3.x - Authenticated Path Traversal and Arbitrary File Read
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
CVSS 6.5
CVE-2018-10711 EXPLOITDB HIGH text WORKING POC
ASRock RGBLED <1.0.35.1, A-Tuning/F-Stream <3.0.210, RestartToUEFI <1.0.6.2 - Ring-0 Code Execution via MSR
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code.
CVSS 7.8
CVE-2018-10710 EXPLOITDB HIGH text WORKING POC
Asrock A-tuning < 3.0.210 - Incorrect Permission Assignment
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
CVSS 7.1
CVE-2018-10709 EXPLOITDB HIGH text WORKING POC
ASRock RGBLED <1.0.35.1, A-Tuning/F-Stream <3.0.210, RestartToUEFI <1.0.6.2 - Privilege Escalation via CR Register
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
CVSS 7.8
CVE-2019-1674 EXPLOITDB HIGH text WORKING POC
Cisco Webex Meetings < 33.6.6 Authenticated OS Command Injection via Update Service
A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools. This vulnerability is fixed in Cisco Webex Meetings Desktop App Release 33.6.6 and 33.9.1 releases. This vulnerability is fixed in Cisco Webex Productivity Tools Release 33.0.7.
CVSS 7.8
CVE-2018-10712 EXPLOITDB HIGH text WORKING POC
ASRock RGBLED <1.0.35.1, A-Tuning/F-Stream <3.0.210, RestartToUEFI <1.0.6.2 - Privilege Escalation via IO Port
The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
CVSS 7.8
CVE-2019-3475 EXPLOITDB HIGH text WORKING POC
Micro Focus Filr 3.x < Security Update 6 - Authenticated Local Privilege Escalation via famtd Component
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
CVSS 7.8