325 matches found
HawkScan - Security Tool For Reconnaissance And Information Gathering On A Website
Security Tool for Reconnaissance and Information Gathering on a website. Python 2.x & 3.x. This script uses "WafW00f" to detect the WAF in the first step (https://github.com/EnableSecurity/wafw00f). This script uses "Sublist3r" to scan subdomains (https://github.com/aboul3la/Sublist3r). This script use...
Exploit for Uncontrolled Search Path Element in Cisco Anyconnect_Secure_Mobility_Client
CVE-2020-3153 Cisco AnyConnect 4.8.02042 privilege escalatio...
Cisco AnyConnect Secure Mobility Client 4.8.01090 Privilege Escalation Vulnerability
Cisco AnyConnect Secure Mobility Client for Windows version 4.8.01090 suffers from a privilege escalation vulnerability due to insecure handling of path names. Cisco AnyConnect elevation of privileges due to insecure handling...
An update is available that enables administrators to update trusted and disallowed CTLs in disconnected environments in Windows
Summary: This software update provides the following improvements for Windows: Enables administrators to configure domain-joined computers to use the auto update feature...
DNS Spoofing
Mozilla Firefox is vulnerable to DNS spoofing. A flaw was found in the Firefox auto-update verification system. An attacker who has the ability to spoof a victim's DNS could get Firefox to download and install malicious code. In order to exploit this issue an attacker would also need to get a...
CVE-2015-3612
A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page...
Cross site scripting
A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page...
Microsoft Outlook for Android Bug Opens Door to XSS
Users of the Microsoft Outlook for Android app should update their apps to avoid a range of attacks. The bug (CVE-2019-1460) would allow an attacker to perform cross-site scripting (XSS) attacks on the affected systems and run scripts in the security context of the current user, according to...
CVE-2019-17435
A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installatio...
Privilege escalation
A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installatio...
PT-2019-4015 · Palo Alto Networks · Globalprotect Agent For Windows
Name of the Vulnerable Software and Affected Versions: GlobalProtect Agent for Windows versions 5.0.3 and earlier; GlobalProtect Agent for Windows versions 4.1.12 and earlier. Description: A Local Privilege Escalation issue exists in the auto-update feature of the GlobalProtect Agent for Windows,...
Azure File Sync Agent v8 Release – October 2019
Introduction: This article describes the improvements and issues that are fixed in the Azure File Sync Agent v8 release that is dated October 2019. Additionally, this article contains installation instructions for the update. Improvements and issues...
WordPress Companion Auto Update Plugin < 3.2.1 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) script_oid("1.3.6.1.4.1.25623.1.0.113486");...
CVE-2019-12754
Technical details about CVE-2019-12754 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2019-11031
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. An attacker can upload files with a Setup-Files action, and then execute these files with SYSTEM privileges...
CVE-2019-11031
CVE-2019-11031 affects Mirasys VMS before v7.6.1 and 8.x before v8.3.2. The flaw arises from mishandling the auto-update feature (IDVRUpdateService2 in DVRServer.exe), enabling an attacker to upload files via a Setup-Files action and then execute them with SYSTEM privileges. Impact is high, with ...