492 matches found
CVE-2018-12131
Permissions in the driver pack installers for Intel NVMe before version 4.0.0.1007 and Intel RSTe before version 4.7.0.2083 may allow an authenticated user to potentially escalate privilege via local access...
Design/Logic Flaw
Permissions in the driver pack installers for Intel NVMe before version 4.0.0.1007 and Intel RSTe before version 4.7.0.2083 may allow an authenticated user to potentially escalate privilege via local access...
CVE-2018-12131
Permissions in the driver pack installers for Intel NVMe before version 4.0.0.1007 and Intel RSTe before version 4.7.0.2083 may allow an authenticated user to potentially escalate privilege via local access...
CVE-2018-0649
Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec all programs except packaged ones allows an attacker to gain...
CVE-2018-0649
The CVE-2018-0649 issue concerns an untrusted DLL search path in the installers for Canon IT Solutions Inc. software, affecting multiple products (e.g., ESET Smart Security Premium , ESET Internet Security , ESET Smart Security , ESET NOD32 Antivirus , DESlock+ Pro , and CompuSec ). The underlyin...
CVE-2018-0649
Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec all programs except packaged ones allows an attacker to gain...
New Variant of KeyPass Ransomware Discovered
A new variant of the KeyPass ransomware has been gaining traction in August and is using new techniques like manual control to customize its encryption process, researchers said Monday. Researchers at Kaspersky Lab who posted about the trojan said that it is being propagated by means of fake...
KeyPass ransomware
In the last few days, our anti-ransomware module has been detecting a new variant of malware - KeyPass ransomware. Others in the security community have also noticed that this ransomware began to actively spread in August: Notification from MalwareHunterTeam Distribution model According to our...
The installers of multiple Canon IT Solutions Inc. software programs may insecurely load Dynamic Link Libraries
Overview The installers of multiple software programs provided by Canon IT Solutions Inc. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC...
JVN#41452671: The installers of multiple Canon IT Solutions Inc. software programs may insecurely load Dynamic Link Libraries
The installers of multiple software programs provided by Canon IT Solutions Inc. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Us...
The installers of multiple Logicool software programs may insecurely load Dynamic Link Libraries
Overview The installers of multiple software programs provided by Logicool Co. Ltd contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427 . Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinat...
JVN#52574492: The installers of multiple Logicool software programs may insecurely load Dynamic Link Libraries
The installers of multiple software programs provided by Logicool Co. Ltd contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries(CWE-427). Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the...
Security Bulletin: Various IBM WebSphere MQ Installers are susceptible to DLL-planting vulnerabilities (CVE-2016-2542 & CVE-2016-4560)
Summary Various IBM WebSphere MQ graphical user interface installers are susceptible to a DLL-planting vulnerability where a malicious DLL, that is present in the Windows search path, could be loaded by the operating system in place of the genuine file. The vulnerability affects Windows executabl...
Security Bulletin: IBM Tealeaf Customer Experience installers vulnerable to attack (CVE-2016-2542)
Summary Installation programs for the Microsoft Windows components of IBM Tealeaf Customer Experience are vulnerable to attack under certain conditions. Vulnerability Details CVEID: CVE-2016-2542 DESCRIPTION: Flexera InstallShield could allow a remote attacker to execute arbitrary code on the...
Multiple Microsoft Windows applications and installers may insecurely load Dynamic Link Libraries
Overview Multiple Windows applications and installers provided by Microsoft contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the same directory where applications and/or installers reside CWE-427. Microsoft states that the root cause of thi...
Grouper - A PowerShell script for helping to find vulnerable settings in AD Group Policy
Grouper is a slightly wobbly PowerShell module designed for pentesters and redteamers although probably also useful for sysadmins which sifts through the usually very noisy XML output from the Get-GPOReport cmdlet part of Microsoft's Group Policy module and identifies all the settings defined in...
Find Vulnerable Settings in AD Group Policy: Grouper
Grouper is a slightly wobbly PowerShell module designed for pentesters and redteamers although probably also useful for sysadmins which sifts through the usually very noisy XML output from the Get-GPOReport cmdlet part of Microsoft’s Group Policy module and identifies all the settings defined in...
CVE-2016-6803
An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application or user running with administrative privilege. Any installer with the unquoted...
Miners on the Rise
Miners are a class of malware whose popularity has grown substantially this year. The actual process of cryptocurrency mining is perfectly legal, though there are groups of people who hoodwink unwitting users into installing mining software on their computers, or exploiting software vulnerabiliti...
CVE-2017-10850
Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 Timestamp of code signing is before 12 Apr 2017 02:04 UTC., PostScript? Driver + Additional Feature Plug-in + PPD File for...