270 matches found
CVE-2020-7326
Improperly implemented security check in McAfee Active Response MAR prior to 2.4.4 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MAR failing open rather than closed...
CVE-2020-7320
The CVE-2020-7320 issue affects McAfee Endpoint Security (ENS) for Windows prior to 10.7.0. It is described as a Protection Mechanism Failure that lets a local administrator temporarily degrade detection by stopping certain Microsoft services, enabling malware that would otherwise be detected to ...
kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS
A flaw was found in the Linux kernel’s implementation of the Marvell wifi driver, which can allow a local user who has CAPNETADMIN or administrative privileges to possibly cause a Denial Of Service DOS by corrupting memory and possible code execution...
CVE-2020-7253
Improper access control vulnerability in masvc.exe in McAfee Agent MA prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line utility...
FlexNet Publisher 11.12.1 Cross Site Request Forgery
Exploit Title: FlexNet Publisher 11.12.1 - Cross-Site Request Forgery Add Local Admin Date: 2019-12-29 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.flexerasoftware.com/ Software : FlexNet Publisher Product Version: v11.12.1 Product :...
FlexNet Publisher 11.12.1 - Cross-Site Request Forgery (Add Local Admin) Vulnerability
Exploit for php platform in category web applications...
FlexNet Publisher 11.12.1 - Cross-Site Request Forgery (Add Local Admin)
FlexNet Publisher 11.12.1 - Cross-Site Request Forgery Add Local Admin Exploit Title: FlexNet Publisher 11.12.1 - Cross-Site Request Forgery Add Local Admin Date: 2019-12-29 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.flexerasoftware.com/ Software : FlexNet Publisher Product...
FlexNet Publisher 11.12.1 - Cross-Site Request Forgery (Add Local Admin)
Exploit Title: FlexNet Publisher 11.12.1 - Cross-Site Request Forgery Add Local Admin Date: 2019-12-29 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.flexerasoftware.com/ Software : FlexNet Publisher Product Version: v11.12.1 Product :...
UBUNTU-CVE-2020-8086
The modauthldap and modauthldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the isadmin function. This grants remote entities admin-only functionality if their username matches the username of a local admin...
CVE-2020-8086
The modauthldap and modauthldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the isadmin function. This grants remote entities admin-only functionality if their username matches the username of a local admin...
CredNinja - A Multithreaded Tool Designed To Identify If Credentials Are Valid, Invalid, Or Local Admin Valid Credentials Within A Network At-Scale Via SMB, Plus Now With A User Hunter
This tool is intended for penetration testers who want to perform an engagement quickly and efficiently. While this tool can be used for more covert operations including some additions below, it really shines when used at the scale of a large network. At the core of it, you provide it a list of...
HPSBPI06327 rev. 1 - Execution of Arbitrary Code for HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers
Potential Security Impact Execution of arbitrary code VULNERABILITY SUMMARY Solution application signature checking may allow potential execution of arbitrary code. RESOLUTION Perform the following steps to help mitigate the vulnerability. 1. Update firmware for impacted printers as indicated in...
PT-2019-16907 · Ibm · Ibm Multicloud Manager
Name of the Vulnerable Software and Affected Versions: IBM Multicloud Manager versions 3.1.0 through 3.1.2 Description: A local attacker with admin privileges could obtain highly sensitive information upon deployment. Recommendations: For versions 3.1.0 through 3.1.2, at the moment, there is no...
Serv-U FTP Server 15.1.6.25 Local Privilege Escalation Vulnerability
Exploit for multiple platform in category local exploits CVE: CVE-2018-19999 Security researcher: Chris Moberly @ The Missing Link Security Product name: Serv-U FTP Server Product version: Tested on 15.1.6.25 current as of Dec 2018 Fixed in: 15.1.7 Overview The Serv-U FTP Server is vulnerable to...
CVE-2019-1808
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signature...
CVE-2019-1767
A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with...
PT-2019-2211 · Cisco · Cisco Nx-Os +1
Name of the Vulnerable Software and Affected Versions: Cisco NX-OS Software affected versions not specified Description: A vulnerability in the Image Signature Verification feature could allow an authenticated, local attacker with administrator-level credentials to install a malicious software...
CVE-2018-1937
IBM Cloud Private 3.1.1 is affected by CVE-2018-1937. A local administrator could intercept highly sensitive unencrypted data due to insecure intra-service communications (IAM and OpenShift) over HTTP. The IBM Security Bulletin confirms the impact is data disclosure with local access and provides...
BloodHound Ingestor
This module will execute the BloodHound C Ingestor aka SharpHound to gather sessions, local admin, domain trusts and more. With this information BloodHound will easily identify highly complex attack paths that would otherwise be impossible to quickly identify within an Active Directory environmen...
CVE-2018-15615
A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x...