CVE-2022-27167 – Arbitrary File Deletion in ESET products for Windows
https://notcve.org/view.php?id=CVE-2022-27167
Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. • https://support.eset.com/en/ca8268 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-755: Improper Handling of Exceptional Conditions •
CVE-2021-37852 – LPE in ESET products for Windows
https://notcve.org/view.php?id=CVE-2021-37852
ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM. Los productos de ESET para Windows permiten a un proceso no confiable hacerse pasar por el cliente de una tubería, lo que puede ser aprovechado por un atacante para escalar privilegios en el contexto de NT AUTHORITY\SYSTEM This vulnerability allows local attackers to escalate privileges on affected installations of ESET Endpoint Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the use of named pipes. The issue results from allowing an untrusted process to impersonate the client of a pipe. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://support.eset.com/en/ca8223-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows https://www.zerodayinitiative.com/advisories/ZDI-22-148 • CWE-269: Improper Privilege Management •
CVE-2020-26941
https://notcve.org/view.php?id=CVE-2020-26941
A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. Affected products are: ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, ESET Smart Security Premium versions 13.2 and lower; ESET Endpoint Antivirus, ESET Endpoint Security, ESET NOD32 Antivirus Business Edition, ESET Smart Security Business Edition versions 7.3 and lower; ESET File Security for Microsoft Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Kerio, ESET Security for Microsoft SharePoint Server versions 7.2 and lower. Un usuario local (autenticado) con pocos privilegios puede explotar un comportamiento en un instalador de ESET para lograr la sobrescritura (eliminación) arbitraria de cualquier archivo por medio de un enlace simbólico, debido a permisos no seguros. • https://support.eset.com/en/ca7794-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows • CWE-276: Incorrect Default Permissions •
CVE-2018-12636 – iThemes Security <= 7.0.2 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2018-12636
The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page. El plugin iThemes Security (better-wp-security) en versiones anteriores a la 7.0.3 para WordPress permite la inyección SQL (por atacantes con privilegios Admin) mediante la página de logs. WordPress iThemes Security plugin versions prior to 7.0.3 suffer from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/44943 https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E https://wordpress.org/plugins/better-wp-security/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2018-7433 – iThemes Security <= 6.9.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-7433
The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page. El plugin iThemes Security, en versiones anteriores a la 6.9.1, para WordPress no realiza correctamente el escapado de datos para la página de logs. • https://wordpress.org/plugins/better-wp-security/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-532: Insertion of Sensitive Information into Log File •