ewilded

6 exploits Active since Aug 2023
CVE-2024-0197 NOMISEC HIGH WORKING POC
Thalesgroup Sentinel Hasp Ldk < 9.16 - Improper Privilege Management
A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access.
3 stars
CVSS 7.8
CVE-2024-25376 NOMISEC HIGH WORKING POC
Thesycon Software Solutions Gmbh & Co. KG TUSBAudio <5.68.0 - RCE
An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode.
2 stars
CVSS 7.8
CVE-2023-37250 NOMISEC HIGH WORKING POC
Unity Parsec < 9.0 - TOCTOU Race Condition
Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. This affects Parsec Loader versions through 8. Parsec Loader 9 is a fixed version.
2 stars
CVSS 7.0
CVE-2023-38041 NOMISEC HIGH WORKING POC
Ivanti Secure Access Client < 22.6 - TOCTOU Race Condition
A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system.
2 stars
CVSS 7.0
CVE-2024-35315 NOMISEC MEDIUM WORKING POC
Mitel Micollab < 9.7.1.110 - Code Injection
A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. A successful exploit could allow an attacker to run arbitrary code with elevated privileges.
1 stars
CVSS 5.6
CVE-2023-7016 NOMISEC HIGH WORKING POC
Thalesgroup Safenet Authentication Cl... - Improper Privilege Management
A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access.
1 stars
CVSS 7.8