593 matches found
PsExec via Current User Token
This module uploads an executable file to the victim system, creates a share containing that executable, creates a remote service on each target system using a UNC path to that file, and finally starts the services. The result is similar to psexec but with the added benefit of using the session's...
Spear Phishing Remains Preferred Point of Entry in Targeted, Persistent Attacks
Persistent targeted attacks against the government, financial services, manufacturing and critical infrastructure take on many characteristics. Attackers can have different backgrounds and motivations, and the tools they use can range from commodity malware to zero-day exploits. One characteristi...
Symphony CMS 2.3 - Multiple Vulnerabilities
Symphony CMS 2.3 - Multiple Vulnerabilities Symphony cms 2.3 multiple vulnerabilities -------------------------------------------------------------------------------------------- 20121017 - Justanotherhacker.com : Symphony cms - Multiple vulnerabilities JAHx122 -...
Symphony CMS 2.3 - Multiple Vulnerabilities
Symphony cms 2.3 multiple vulnerabilities -------------------------------------------------------------------------------------------- 20121017 - Justanotherhacker.com : Symphony cms - Multiple vulnerabilities JAHx122 - http://www.justanotherhacker.com/advisories/JAHx122.txt...
Psexec Via Current User Token
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require 'rex' require...
Researchers Find Way to Sniff Corporate Email Via BlackBerry PlayBook
MIAMI BEACH–Researchers and attackers have had no shortage of mobile platforms and devices to sink their teeth into in recent years, thanks to the explosion of iOS and Android phones and tablets in the consumer and enterprise markets. Now, the spotlight is slowly beginning to turn in the directio...
Siemens Simatic HMI Authentication Vulnerabilities
Overview ICS-CERT is aware of a public report by independent security researchers Billy Rios and Terry McCorkle concerning authentication bypass vulnerabilities affecting Siemens SIMATIC HMI products which are supervisory control and data acquisition/human-machine interface SCADA/HMI products...
Authentication flaw
sre/params.php in the Integrity Clientless Security ICS component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie...
CVE-2007-0471
Check Point Connectra NGX R62 3.x and earlier (before Security Hotfix 5) are affected by CVE-2007-0471 due to an issue in sre/params.php of the Integrity Clientless Security (ICS) component that lets an attacker craft a Report parameter to obtain a valid ICSCookie token and bypass security. The a...
CVE-2005-2306
Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users...
CVE-2005-2306
The CVE describes a race condition in Macromedia JRun 4.0 and ColdFusion MX 6.1/7.0 where under heavy load JRun may assign a duplicate authentication token to multiple sessions. This could allow authenticated users to gain privileges as other users. Affected components include JRun 4.0 and ColdFu...
[SA16081] Macromedia JRun Authentication Token Security Issue
---------------------------------------------------------------------- Are you interested in a new job in IT security? Secunia has two open positions for a Junior and a Senior Specialist in IT security: http://secunia.com/secuniavacancies/...
DUO-PSA-2020-003: Duo Product Security Advisory
Duo Product Security Advisory Advisory ID: DUO-PSA-2020-003 Publication Date: 2020-06-30 Revision Date: 2020-06-30 Status: Confirmed, Fixed Document Revision: 2 Overview Duo has identified and fixed an issue in the Duo Connect client that allows end-users to choose insecure configurations. If...