CVE-2015-3442

Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call...

Code injection

Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call...

Moderate: Red Hat Security Advisory: satellite and spacewalk security and bug fix update

An update for satellite-schema, spacewalk-backend, spacewalk-java, and spacewalk-schema is now available for Red Hat Satellite 5.8 and Red Hat Satellite 5.8 ELS. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base...

Automated Android Malware Analysis: CuckooDroid

CuckooDroid is an extension of Cuckoo Sandbox the Open Source software for automating analysis of suspicious files. CuckooDroid brigs to cuckoo the capabilities of execution and analysis of android application. CuckooDroid is an automated, cross-platform, emulation and analysis framework based on...

Code injection

Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3...

CVE-2017-7297

Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3...

CVE-2017-7297

CVE-2017-7297 affects Rancher Server (Rancher Labs) 1.2.0+ where an authenticated user can disable access control via an API call. The vulnerability stemms from improper access control enforcement exposed through the Rancher API, enabling unauthorized modification of access controls. Impact is re...

CVE-2016-4305

A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to...

CVE-2016-4304

A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in local denial of service. An attacker can run progra...

CVE-2016-4304

A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in local denial of service. An attacker can run progra...

Denial of service

A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in local denial of service. An attacker can run progra...

Denial of service

A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to...

CVE-2016-4305

A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to...

CVE-2015-8542

An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Clients provide the "id" and "cid" parameter to specify the current user by its user- and context-ID...

Privilege escalation

The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability."...

Privilege escalation

The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of...

CVE-2016-0075

CVE-2016-0075 affects the Windows kernel on Windows 8.1, Windows Server 2012 (Gold/R2), Windows RT 8.1, and Windows 10 (1511/1607). It enables a local attacker to gain privileges by a crafted application that calls a kernel API to read sensitive information from the registry. Exploit PoCs exist (...

CVE-2016-0073

CVE-2016-0073 affects Windows kernel local elevation of privilege on Windows 8.1, Windows Server 2012 (Gold/R2), Windows RT 8.1, and Windows 10 (1511/1607). Root cause: crafted application triggers a kernel API pathway to access sensitive registry information, enabling local privilege escalation....

CVE-2016-0075

The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of...

Reverb.com: IDOR - Ability to view unlisted products

Hi All, I believe I've found a vulnerability on your sandbox site which allows attackers to view the details of listings that are unpublished. Description While creating a product, I noticed there is a call to https://sandbox.reverb.com/api/listings/65905/productbundle which returns json details...