All Panda Security 2016 home user products for Windows are vulnerable to privilege escalation, CVE-2015-7378, which allows a local attacker to execute code as SYSTEM from any account (guest included), thus completely compromising the affected host.
Panda Endpoint Administration Agent allows a local attacker to elevate his privileges from any account type and execute code as SYSTEM, thus completely compromising the affected host, as described in CVE-2016-3943.
Several SafeNet Authentication Service Agents could allow a local attacker to escalate privileges due to weak ACLs assigned to subdirectories and executable modules of those products. A user with low privileges could modify and/or substitute executable modules which a highly privileged user could later execute in their own security context. Further detail A PDF […]
The QNAP iArtist Lite application is vulnerable to an uncontrolled search path element. This flaw can be leveraged by a low-privileged user or malware to mount a binary file planting attack and obtain SYSTEM-level access.
tl;dr Nettitude has discovered that the iArtist application is vulnerable to CWE-290 Authentication Bypass by Spoofing. This flaw can be leveraged to remove the need to supply valid credentials when uploading a presentation. Additionally, the Signage Station system suffers from CWE-768 Use of Hard-coded Credentials. This grants access to the host NAS FTP service and […]
tl;dr Nettitude researchers have discovered that QNAP Signage Station is vulnerable to CWE-434, Unrestricted Upload of File with Dangerous Type. This flaw can be leveraged by a low-privileged remote user to gain interactive system access as a member of the Administrator’s group. Introduction Signage Station is a QNAP-authored application that runs on a […]