‘Panda Security 2016 Home User’ privilege escalation

All Panda Security 2016 home user products for Windows are vulnerable to privilege escalation, CVE-2015-7378, which allows a local attacker to execute code as SYSTEM from any account (guest included), thus completely compromising the affected host.

‘Panda Security 2016 Business’ privilege escalation

Panda Endpoint Administration Agent allows a local attacker to elevate his privileges from any account type and execute code as SYSTEM, thus completely compromising the affected host, as described in CVE-2016-3943.

CVE-2015-7596 through CVE-2015-7598 & CVE-2015-7961 through CVE-2015-7967: SafeNet Authentication Service Agent vulnerabilities

Several SafeNet Authentication Service Agents could allow a local attacker to escalate privileges because of weak ACLs assigned to subdirectories and executable modules of those products. A user with low privileges could modify and/or substitute executable modules which a high-privileged user could later execute in their own security context. Further detail A PDF […]

‘QNAP Signage Station iArtist Lite’ SYSTEM for everyone (Part 3)

The QNAP iArtist Lite application is vulnerable to an uncontrolled search path element. This flaw can be leveraged by a low-privileged user or malware to mount a binary file planting attack and obtain SYSTEM-level access.

QNAP Signage Station: Publish and Be Damned (Part 2)

tl;dr Nettitude has discovered that the iArtist application is vulnerable to CWE-290 Authentication Bypass by Spoofing. This flaw can be leveraged to remove the need to supply valid credentials when uploading a presentation. Additionally, the Signage Station system suffers from CWE-768 Use of Hard-coded Credentials. This grants access to the host NAS FTP service and […]

QNAP Signage Station: Publish and Be Damned (Part 1)

tl;dr Nettitude researchers have discovered that QNAP Signage Station is vulnerable to CWE-434, Unrestricted Upload of File with Dangerous Type. This flaw can be leveraged by a low-privileged remote user to gain interactive system access as a member of the Administrator’s group. Introduction Signage Station is a QNAP authored application that runs on a […]