Windows ALPC Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call ALPC. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view...

Windows Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data...

GHSA-7XFP-9C55-5VQJ Remote Memory Exposure in request

Affected versions of request will disclose local system memory to remote systems in certain circumstances. When a multipart request is made, and the type of body is number, then a buffer of that size will be allocated and sent to the remote server as the body. Proof of Concept js var request =...

Hacker Discloses New Windows Zero-Day Exploit On Twitter

A security researcher with Twitter alias SandboxEscaper—who two months ago publicly dropped a zero-day exploit for Microsoft Windows Task Scheduler—has yesterday released another proof-of-concept exploit for a new Windows zero-day vulnerability. SandboxEscaper posted a link to a Github page hosti...

Design/Logic Flaw

A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1...

CVE-2018-15611

A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected versions include 6.3.x and all 7.x version prior to 7.1.3.1...

CVE-2018-15611

CVE-2018-15611 describes an elevation-of-privilege vulnerability in the Avaya Aura Communication Manager’s local system administration component. An authenticated, privileged local user can gain root privileges on affected systems. Affected versions include 6.3.x and all 7.x releases before 7.1.3...

Windows ALPC Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call ALPC. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view...

Splinterware System Scheduler Pro 5.12 - Privilege Escalation

Splinterware System Scheduler Pro 5.12 - Privilege Escalation Exploit Title: Splinterware System Scheduler Pro 5.12 - Privilege Escalation Exploit Author: bzyo Twitter: @bzyo Date: 2018-07-21 Vulnerable Software: System Scheduler Pro 5.12 Vendor Homepage: https://www.splinterware.com Version: 5.1...

Splinterware System Scheduler Pro 5.12 - Privilege Escalation

Exploit Title: Splinterware System Scheduler Pro 5.12 - Privilege Escalation Exploit Author: bzyo Twitter: @bzyo Date: 2018-07-21 Vulnerable Software: System Scheduler Pro 5.12 Vendor Homepage: https://www.splinterware.com Version: 5.12 Tested Windows 7 SP1 x86 CVE: N/A Description: Splinterware...

The vulnerability of the DNSAPI component for Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the DNSAPI component DNSAPI.dll in Windows operating systems is related to insufficient access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the Local System Account by sending specially crafted DNS responses from ...

Security Bulletin: Open Source GNU glibc Vulnerabilities Security Bulletin: Open Source GNU glibc Vulnerabilities which is used by IBM OS Images for RedHat Linux in IBM PureApplication Systems (CVE-2017-12132)

Summary There are vulnerabilities in the Open Source GNU glibc that is used by the OS Images for IBM PureApplication Software Suite, IBM Bluemix Local System and IBM PureApplication System/Software Vulnerability Details CVEID: CVE-2017-12132 DESCRIPTION: GNU C Library aka glibc or libc6 could all...

Security Bulletin: Vulnerability in Open Source cURL Libcurl affects IBM PureApplication. (CVE-2017-1000257)

Summary Vulnerability in Open Source cURL Libcurl affects IBM PureApplication. Vulnerability Details CVEID: CVE-2017-1000257 DESCRIPTION: cURL is vulnerable to a denial of service, caused by a buffer overread in the IMAP handler. By using a specially crafted IMAP FETCH response, a remote attacker...

Security Bulletin: Open Source Apache HTTP Server Vulnerabilities which is used by IBM PureApplication Systems (CVE-2017-7679 CVE-2017-3169 CVE-2017-3167)

Summary A vulnerability in Open Source Apache HTTP Server affects the PureSystems® Managers used by IBM PureApplication System. Vulnerability Details CVEID: CVE-2017-7679 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in modmim...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM PureApplication System. These issues were disclosed as part of the IBM Java SDK updates in April 2017. IBM PureApplication System has addressed the applicable CVEs. These issues were also addressed by IBM...

Security Bulletin: There is a potential cross-site request forgery in IBM WebSphere Application Server shipped with IBM PureApplication System (CVE-2017-1194)

Summary IBM WebSphere Application Server is shipped as a component of IBM PureApplication System. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin Cross-site request...

Potential security vulnerability in WebSphere Application Server. IBM WebSphere Application Server ships with IBM PureApplication System (CVE-2017-1137)

Summary IBM WebSphere Application Server is shipped as a component of IBM PureApplication System. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin Potential security...

Windows DNSAPI Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Windows Domain Name System DNS DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. To exploit the vulnerability, the...

Microsoft Windows: Network security: Allow Local System to use computer identity for NTLM

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winnseclocalsyscompntlm.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for Network security: Allow Local System to use computer identity for NTLM Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

CVE-2017-7768

The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access,...