Microsoft Windows 10: Create global objects

This policy setting determines which users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. A global object is an object that is created to be used by any number of processes or...

Microsoft Windows 10: Restore files and directories

This security setting determines which users can bypass file, directory, registry, and other persistent object permissions when they restore backed up files and directories, and it determines which users can set valid security principals as the owner of an object. OpenVAS Vulnerability Test $Id:...

Microsoft Windows 10: Back up files and directories

This user right determines which users can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system. This user right is effective only when an application attempts access through the NTFS backup application programming interface API...

Microsoft Windows 10: Act as part of the operating system

The Act as part of the operating system policy setting determines whether a process can assume the identity of any user and thereby gain access to the resources that the user is authorized to access. OpenVAS Vulnerability Test $Id: win10actaspartofos.nasl 11532 2018-09-21 19:07:30Z cfischer $ Che...

Microsoft Windows 10: Debug programs

This policy setting determines which users can attach to or open any process, even those they do not own. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components need this user right. This user right provid...

Microsoft Windows 10: Access Credential Manager as a trusted caller

The Access Credential Manager as a trusted caller policy setting is used by Credential Manager during backup and restore. No accounts should have this privilege because it is assigned only to the Winlogon service. Saved credentials of users may be compromised if this privilege is given to other...

Product update: Virtuozzo 7.0 Update 7 Hotfix 1 (7.0.7-445)

The Hotfix 1 for Virtuozzo 7.0 Update 7 provides stability and usability bug fixes. Vulnerability id: PSBM-82558 Container migration could sometimes fail due to a CRIU issue. Vulnerability id: PSBM-82711 'prlctl qemu-update' could fail due to unnamed dirty bitmaps. This could result in backups no...

The vulnerability of the Linux operating system’s i8042 controller driver allows a hacker to cause a service failure or exert other effects.

The vulnerability of the i8042 controller driver drivers/input/serio/i8042.c in the Linux operating system is related to a pointer assignment error. Exploiting this vulnerability could allow an attacker to cause a service failure or other adverse effects...

CVE-2017-4454

CVE-2017-4454 is rejected/not used and does not represent an active vulnerability entry.

CVE-2017-4068

CVE-2017-4068 is rejected and not used as an active vulnerability entry.

How to assign VLANs to Targets created in PVS

This article explains the relationship between Networks and VLANs as it pertains to XenDesktop Hosting Units and PVS. The article also explains a workaround to be able to distribute Target Devices across desired VLANs The concept of VLAN IDs on the Hypervisor side is unknown to the XenDesktop...

Integrate Your Ticketing System into Database Security to Prevent DBA Privilege Abuse

Many of the recent high-profile data security breaches were made by trusted insiders. They are often database administrators DBAs who are highly privileged and trusted insiders with access to sensitive data. In this blog post, I will discuss the inherent risk introduced by highly privileged...

January Release Brings Improved Enterprise Management to Cb Defense

As a network of computers gets larger, the challenges and risks of keep systems consistently protected and in compliance increases. This means that, with a huge number of dispersed endpoints to keep watch over, security administrators at enterprise organizations often spend too much time deployin...

CVE-2018-5709

An issue was discovered in MIT Kerberos 5 aka krb5 through 1.16. There is a variable "dbentry-nkeydata" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect...

Linux/x86-64 - Bind TCP Stager (4444/TCP) + Egghunter Shellcode (157 bytes)

;Exam Assignment 3 ;implementation of egghunter ;Default egg = "deaddead" ; ;If connected the stager check of egg , if present execute the code ; ;You can send a maximum of 255 bytes egg + code ; ;if no egg , shellcode exit ; ;Christophe G SLAE64 - 1337 ; global start jmp short start startcode :...

aws-cfn-bootstrap Local Code Execution Vulnerability

aws-cfn-bootstrap versions prior to 1.4-22.14 suffer from a local code execution vulnerability. aws-cfn-bootstrap local code execution as root ============================================== The latest version of this advisory is available at:...

Users with 'Plan Admin' privileges can change Project Name

h3. Summary Users whom have Plan level Admin privileges, but not Project level Admin privileges are able to change the Project name from /chain/admin/config/editChainDetails.action?buildKey=\projkey-\plankey h3. Steps to Reproduce h1. Step 1 Create Project with key TSTPR Create Plan within TSTPR...

The vulnerability of the `sixel_output_create` function (coders/sixel.c) in the console-based graphic editor ImageMagick allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the sixeloutputcreate function in the console-based image editing tool ImageMagick is related to pointer assignment errors. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

JSON gem has Improper Input Validation vulnerability

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

GHSA-X457-CW4H-HQ5F JSON gem has Improper Input Validation vulnerability

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...