CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27643
https://notcve.org/view.php?id=CVE-2020-27643
The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation. El directorio %PROGRAMDATA%\1E\Client en 1E Client versiones 5.0.0.745 y 4.1.0.267, permite a los usuarios autenticados remotos y a los usuarios locales crear y modificar archivos en directorios protegidos (donde normalmente no tendrían acceso para crear o modificar archivos) mediante la creación de un punto de unión en un directorio del sistema. Esto conduce a una escalada parcial de privilegios • https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-16268
https://notcve.org/view.php?id=CVE-2020-16268
The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. This applies to installations that have a TRANSFORM (MST) with the option to disable the installation of the Nomad module. An attacker may craft a .reg file in a specific location that will be able to write to any registry key as an elevated user. El instalador MSI en 1E Client versiones 4.1.0.267 y 5.0.0.745, permite a los usuarios autenticados remotos y a los usuarios locales obtener privilegios elevados por medio de la opción de reparación. Esto se aplica a instalaciones que tienen un TRANSFORM (MST) con la opción de deshabilitar la instalación del módulo Nomad. • https://help.1e.com/display/GI/1E+Security+Advisory-1E+Client+for+Windows%3A+CVE-2020-16268%2C+CVE-2020-27643%2C+CVE-2020-27644%2C+CVE-2020-27645 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 5CVE-2013-3956 – Novell Client 2 SP3 - 'nicm.sys 3.1.11.0' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2013-3956
The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call. El controlador del kernel NICM.SYS 3.1.11.0 en Novell Client 4.91 SP5 sobre Windows XP and Windows Server 2003; Novell Client 2 SP2 sobre Windows Vista y Windows Server 2008; y Novell Client 2 SP3 sobre Windows Server 2008 R2, Windows 7, Windows 8, y Windows Server 2012, permite a usuarios locales obtener privilegio a través de una llamada 0x143B6B IOCTL manipulada. • https://www.exploit-db.com/exploits/27191 https://www.exploit-db.com/exploits/26452 http://pastebin.com/GB4iiEwR http://www.exploit-db.com/exploits/26452 http://www.exploit-db.com/exploits/27191 http://www.novell.com/support/kb/doc.php?id=7012497 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 1CVE-2013-3697
https://notcve.org/view.php?id=CVE-2013-3697
Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 might allow local users to gain privileges via a crafted 0x1439EB IOCTL call. Desbordamiento de enterio en el controlador para el kernel NWFS.SYS 4.91.5.8 en Novell Client 4.91 SP5 sobre Windows XP y Windows Server 2003 y el controlador del kernel NCPL.SYS en Novell Client 2 SP2 sobre Windows Vista y Windows Server 2008 y Novell Client 2 SP3 sobre Windows Server 2008 R2, Windows 7, Windows 8, y Windows Server 2012, podría permitir a usuarios locales obtener privilegios a través de una llamada 0x1439EB IOCTL manipulada. • http://pastebin.com/RcS2Bucg http://www.novell.com/support/kb/doc.php?id=7012497 • CWE-189: Numeric Errors •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2008-1106
https://notcve.org/view.php?id=CVE-2008-1106
The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files. La interfaz de administración de Akamai Client (formerly Red Swoosh) 3322 y versiones anteriores permite a atacantes remotos evitar la autenticación a través de una petición HTTP que contiene (1) la cabecera Referer , o (2) una cabecera envenenada Referer que coincide con un dominio válido, lo cual permite a atacantes remotos llevar a cabo un ataque de falsificación de petición en sitios cruzados (CSRF) y forzar al cliente a descargar y ejecutar ficheros de su elección. • http://secunia.com/advisories/30135 http://secunia.com/secunia_research/2008-19/advisory http://securityreason.com/securityalert/3930 http://www.securityfocus.com/archive/1/493169/100/0/threaded http://www.securityfocus.com/archive/1/493170/100/0/threaded http://www.securitytracker.com/id?1020208 http://www.vupen.com/english/advisories/2008/1761/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42895 • CWE-287: Improper Authentication CWE-352: Cross-Site Request Forgery (CSRF) •