OUR LATEST RESEARCH
'Panda Security 2016 Home User' privilege escalation
All Panda Security 2016 home user products for Windows are vulnerable to privilege escalation, CVE-2015-7378, which allows a local attacker to execute code as SYSTEM from any account (guest included), thus completely compromising the affected [...]
'Panda Security 2016 Business' privilege escalation
Panda Endpoint Administration Agent allows a local attacker to elevate his privileges from any account type and execute code as SYSTEM, thus completely compromising the affected host, as described in CVE-2016-3943. […]
CVE-2015-7596 through CVE-2015-7598 & CVE-2015-7961 through CVE-2015-7967: SafeNet Authentication Service Agent vulnerabilities
Several SafeNet Authentication Service Agents could allow a local attacker to obtain privilege escalation due to weak ACLs assigned to subdirectories and executable modules of those products. A user with low privileges could modify and/or [...]
'QNAP Signage Station iArtist Lite' SYSTEM for everyone (Part 3)
The QNAP iArtist Lite application is vulnerable to an uncontrolled search path element. This flaw can be leveraged by a low privileged user or malware to mount a binary file planting attack and obtain SYSTEM level access. [...]
QNAP Signage Station: Publish and Be Damned (Part 2)
tl;dr Nettitude has discovered that the iArtist application is vulnerable to CWE-290 Authentication Bypass by Spoofing. This flaw can be leveraged to remove the need to supply valid credentials when uploading a presentation. Additionally, the [...]