1075 matches found
Security Advisory - Remote Code Execution Vulnerability in Windows DNSAPI
Microsoft released a security advisory to disclose a remote code execution vulnerability in Windows Domain Name System DNS DNSAPI.dll. An unauthenticated, remote attacker would use a malicious DNS server to send corrupted DNS responses to the target. The attacker could exploit the vulnerability t...
CVE-2017-16369
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a Same Origin Policy security bypass vulnerability, affecting...
Microsoft Windows DNSAPI Remote Code Execution Vulnerability
Microsoft Windows is a series of operating systems released by the American company Microsoft. A remote code execution vulnerability exists in the Domain Name System DNS DNSAPI.dll file in Microsoft Windows, which arises from a program's failure to properly handle DNS responses. A remote attacker...
Windows DNSAPI Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Windows Domain Name System DNS DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. To exploit the vulnerability, the...
Trend Micro OfficeScan 11.0/XG (12.0) - Image File Execution Bypass Vulnerability
Exploit for windows platform in category local exploits + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-IMAGE-FILE-EXECUTION-BYPASS.txt + ISR: ApparitionSec Vendor: ==================...
Code injection
IBM Predictive Solutions Foundation formerly PMQ could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a file from the local system, which could allow the attacker to obtain sensitive information. IBM X-Force ID: 119618...
Win32k Information Disclosure Vulnerability
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an attacker would have to eithe...
Microsoft Malware Protection Engine Remote Code Execution Vulnerability
The Microsoft Malware Protection Engine mpengine.dll provides scanning, monitoring and removal capabilities for antivirus and anti-spyware clients. A remote code execution vulnerability exists in Microsoft Malware Protection Engine. The remote code execution vulnerability can be triggered when...
Microsoft Windows taskschd.msc Privilege Escalation Vulnerability
Microsoft Windows taskschd.msc local SYSTEM privilege escalation exploit. Microsoft Windows 'taskschd.msc' Local SYSTEM Privilege Escalation Todor Donev https://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Disclaimer: This or previous programs is for Educational purpose ONLY...
Remote code execution
Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."...
CVE-2017-0160
Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."...
CVE-2017-6400
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur on the local system...
CVE-2017-6400
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur on the local system...
CVE-2017-5595
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile, which allows an authenticated attacker to read local system files e.g., /etc/passwd in the context of the web server user www-dat...
Arbitrary file deletion
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile, which allows an authenticated attacker to read local system files e.g., /etc/passwd in the context of the web server user www-dat...
CVE-2017-5595
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile, which allows an authenticated attacker to read local system files e.g., /etc/passwd in the context of the web server user www-dat...
CVE-2017-5595
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile, which allows an authenticated attacker to read local system files e.g., /etc/passwd in the context of the web server user www-dat...
CVE-2017-5595
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile, which allows an authenticated attacker to read local system files e.g., /etc/passwd in the context of the web server user www-dat...
CVE-2016-4307
A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in KL1 kernel driver resulting in local system denial of service. An attacker can run a program from user-mode to...
CVE-2016-9950
An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this...