219 matches found
CVE-2018-6660
Directory Traversal vulnerability in McAfee ePolicy Orchestrator ePO 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file...
CVE-2018-6660
Directory Traversal vulnerability in McAfee ePolicy Orchestrator ePO 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file...
CVE-2018-6660 SB10228 ePO Directory Traversal vulnerability
Directory Traversal vulnerability in McAfee ePolicy Orchestrator ePO 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file...
Code injection
The backup mechanism in the adb tool in Android might allow attackers to inject additional applications APKs and execute arbitrary code by leveraging failure to filter application data streams...
CVE-2014-7952
The backup mechanism in the adb tool in Android might allow attackers to inject additional applications APKs and execute arbitrary code by leveraging failure to filter application data streams...
SUSE-SU-2017:2869-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.90 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service assertion failure, and hypervisor hang or...
Medium: kernel
Issue Overview: The xenbiovecphysmergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO...
CVE-2017-12134
The xenbiovecphysmergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability...
Adware the series, part 6
In this series of posts, we will be using the flowchart below to follow the process of determining which adware we are dealing with. Our objective is to give you an idea of how many different types of adware are around for Windows systems. Though most are classified as PUPs, you will also see the...
Denial Of Service (DoS)
OpenSSL is vulnerable to denial of service DoS attacks. These attacks are possible because the dtls1listen function doesn't correctly isolate the state information of independent data streams...
ir-rescue - A Windows Batch Script To Comprehensively Collect Host Forensic Data
ir-rescue is a lightweight Windows Batch script that collects a myriad of forensic data from 32-bit and 64-bit Windows systems while respecting the order of volatility and artifacts that are changed with the execution of the script e.g. , prefetch files. It is intended for incident response use a...
Foxit Reader and PhantomPDF Denial of Service Vulnerability
Foxit Reader is a PDF document reader from China's Foxit Software Corporation.Foxit PhantomPDF is a commercial version. A security vulnerability exists in Windows-based versions of Foxit Reader and PhantomPDF 7.3.0.118 and earlier versions, which can be exploited by remote attackers to cause a...
DEBIAN-CVE-2016-2114
The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream...
IT-Grundschutz M4.332: Sichere Konfiguration der Zugriffssteuerung bei einem Samba-Server
IT-Grundschutz M4.332: Sichere Konfiguration der Zugriffssteuerung bei einem Samba-Server Stand: 14. Ergänzungslieferung 14. EL. OpenVAS Vulnerability Test $Id: GSHBM4332.nasl 7883 2017-11-23 11:22:59Z emoss $ IT-Grundschutz, 14. EL, Maßnahme 4.332 Authors: Thomas Rotter Copyright: Copyright c 20...
Socat - Multipurpose relay (SOcket CAT)
Socat is a utility similar to the venerable Netcat that works over a number of protocols and through a files, pipes, devices terminal or modem, etc., sockets Unix, IP4, IP6 - raw, UDP, TCP, a client for SOCKS4, proxy CONNECT, or SSL, etc. It provides forking, logging, and dumping, different modes...
dwebpro 6.8.26 (dt/fd) Multiple Vulnerabilities
No description provided by source. dWebPro v 6.8.26 ============================================ Remote Directory Tarvelsal && Remote File Disclosure p0c's ============================================ Download : http://www.dwebpro.com/downloads/dwebpro6.8.26.exe...
Pserv 2.0 - HTTP Version Specifier Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6285/info A buffer overflow vulnerability has been reported in Pserv. The buffer overflow condition is due to the way Pserv handles data streams from remote connections. An attacker can exploit this vulnerability by issui...
samba: no access check verification on stream files
Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfsstreamsdepot or vfsstreamsxattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream ADS...
CentOS Update for libsmbclient CESA-2013:1806 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
samba: no access check verification on stream files
Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfsstreamsdepot or vfsstreamsxattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream ADS...