473 matches found
CVE-2018-6669
McAfee Application Control and Change Control (versions 7.0.1 and earlier) contain a whitelist bypass vulnerability. A remote or local user can execute blacklisted files via an ASP.NET form, bypassing the intended restrictions. The CVE has CVSS v3.0 base score 8.0 (HIGH) with ADJACENT network att...
Security feature bypass
A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form...
CVE-2018-6669
A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form...
IBM Security Access Manager Application Control Bypass Vulnerability
IBM Security Access Manager is a product for information security management applications from IBM, USA. The product enables access management control through integrated devices for web, mobile and cloud computing. An application control bypass vulnerability exists in IBM Security Access Manager...
Default credentials
Bypassing password security vulnerability in McAfee Application and Change Control MACC 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility...
CVE-2018-6690 McAfee Application Control (MAC) - Whitelist bypass using a hard drive solidified by MACC
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control MACC 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system...
CVE-2017-3912 McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass
Bypassing password security vulnerability in McAfee Application and Change Control MACC 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility...
Application control block page leaks private IP and hostname
The default replacement message in FortiOS' Application control block page reveals the private IP as well as the hostname of the FortiGate...
wePWNise - Generates Architecture Independent VBA Code To Be Used In Office Documents Or Templates And Automates Bypassing Application Control And Exploit Mitigation Software
wePWNise is proof-of-concept Python script which generates VBA code that can be used in Office macros or templates. It was designed with automation and integration in mind, targeting locked down environment scenarios. The tool enumerates Software Restriction Policies SRPs and EMET mitigations and...
What Can Application Control Do For You?
In past blogs, we’ve taken a look at application control and the best practices for successful deployment. Today we’re going to shift gears slightly, and highlight the reasons some companies have chosen this practice. Whitelist With Flexibility It seems counterintuitive to put “whitelisting” and...
Starbucks: Backup Source Code Detected
Impact Depending on the nature of the source code disclosed, an attacker can mount one or more of the following types of attacks:•Access the database or other data resources. With the privileges of the account obtained, attempt to read, update or delete arbitrary data from the database. •Access...
The First Step to Deploying Application Control
Application Control remains one of the best techniques for blocking the vast majority of malware threats; however, implementation often falters due to poor planning. Gartner How to Successfully Deploy Application Control Is Whitelisting Worth It? When it comes to preventing new attacks,...
Design/Logic Flaw
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports version for Visual Studio .NET, Version 2010 allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application...
CVE-2018-2427
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports version for Visual Studio .NET, Version 2010 allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application...
CVE-2018-2427
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports version for Visual Studio .NET, Version 2010 allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application...
What’s The Deal with Application Control?
Enterprise use of application control, on at least some PCs, will increase from 30% in 2017 to over 50% by 2022. It’s no secret that application control is one of the most effective ways to ensure the privacy and security of data. By allowing only preapproved files to run, application control has...
Trend Micro Endpoint Application Control Directory Traversal Vulnerability
Trend Micro Endpoint Application Control is a set of endpoint application control software from Trend Micro. The software can prohibit unknown applications from running on the terminal. A directory traversal vulnerability exists in the FileDrop servlet in Trend Micro Endpoint Application Control...
Directory traversal
A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability...
CVE-2018-10357
A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability...
CVE-2018-10357
A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability...