Philips IntelliSpace Cardiovascular and Xcelera Privilege Mismanagement Vulnerability

Philips IntelliSpace Cardiovascular ISCV and Xcelera are both products of the Dutch company Philips.Philips ISCV is a cardiac imaging information management system.Xcelera is its predecessor. A security vulnerability exists in Philips ISCV version 2.x and earlier and Xcelera version 4.1 and...

Microsoft Windows: LAPS: Enable local admin password management

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winlapspasswdmanagement.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for Enable local admin password management Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This...

CVE-2016-0235

IBM Security Guardium Database Activity Monitor 10 allows local users to have unspecified impact by leveraging administrator access to a hardcoded password, related to use on GRUB systems. IBM X-Force ID: 110326...

CVE-2017-1787

IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. IBM X-Force ID: 137022...

CVE-2017-1787

The CVE-2017-1787 entry concerns IBM Publishing Engine versions 2.1.2 and 6.0.5 with an undisclosed vulnerability that could allow a local administrator to obtain hard-coded credentials. Affected products: Rational Publishing Engine 2.1.2 and 6.0.5. Root cause/impact: local privilege and credenti...

CVE-2016-9569

The cbstream.sys driver in Carbon Black 5.1.1.60603 allows local users with admin privileges to cause a denial of service out-of-bounds read and system crash via a large counter value in an 0x62430028 IOCTL call...

Hashicorp vagrant-vmware-fusion 5.0.3 - Local root Privilege Escalation Exploit

Exploit for macOS platform in category local exploits Another day, another root privesc bug in this plugin. Not quite so serious this time - this one is only exploitable if the user has the plugin installed but VMware Fusion not installed. This is a fairly unlikely scenario but it's a straight to...

Anti-Virus Privileged File Write Vulnerability

Anti-Virus solutions are split into several different components an unprivileged user mode part, a privileged user mode part and a kernel component. Logically the different systems talk to each other. By abusing NTFS directory junctions it is possible from the unprivileged user mode part "the UI"...

Anti-Virus Privileged File Write

Dear list, This mail is not about a single vulnerability, but a more or less general technique I discovered to abuse the restore from quarantine feature in anti-virus solutions to gain local admin rights. As I also presented this attack at the IT SECX conference, I had to invent a name for it too...

CVE-2017-5688

There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary code...

How to Add a Domain Admin Group to Local Admin Group Using Role Based Access Control on XenMobile

This article describes how to add a group of domain admins to the local admin group within XenMobile Server so they have access to the console...

Fileless UAC Bypass Uses Windows Backup and Restore Utility

One nugget buried in a recent Vault 7 dump was a bypass of User Account Controls in Windows 7 that allows applications to execute code without triggering the familiar prompt to the user that something may be afoot. Microsoft has not, in the past, considered UAC bypasses a security boundary that...

Local Windows Admins Can Hijack Sessions Without Credentials

A researcher has exposed how attackers with local admin privileges could use native command-line Windows tools to hijack other users’ sessions without credentials. Researcher Alexander Korznikov on Friday published a report in which he describes how he could, locally and remotely via Remote Deskt...

Hacker Reveals Easiest Way to Hijack Privileged Windows User Session Without Password

You may be aware of the fact that a local Windows user with system rights and permissions can reset the password for other users, but did you know that a local user can also hijack other users' session, including domain admin/system user, without knowing their passwords? Alexander Korznikov, an...

Fortinet FortiOS Local Admin Password Hash Leak Vulnerability (FG-IR-16-050)

Fortinet FortiOS is prone to a local admin password hash leak vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Automato - Automating the user-focused enumeration tasks during an internal penetration test

automato should help with automating some of the user-focused enumeration tasks during an internal penetration test. automato is also capable of conducting limited brute force attacks such as: Testing to see if a list of users with a common password exists in the target domain Identifying if a...

Published app does not launch when SSO is used. Desktops launch fine.

Using Receiver and Receiver for web, published app wont launch but a published desktop works fine. If user is local admin - it works If signing in with username/password on Receiver or Receiver for web - it works. Event generated on vda host: "non-brokered ica connection request denied because th...

BlackBerry Good Enterprise Mobility Server Arbitrary Command Execution Vulnerability

The BlackBerry Good Enterprise Mobility Server GEMS is an enterprise mobility server from BlackBerry Canada. A security vulnerability exists in Apache Karaf in BlackBerry GEMS versions 2.1.5.3 through 2.2.22.25. A remote attacker could exploit the vulnerability by executing commands to gain local...

CVE-2016-3129

A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server GEMS implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf...

FortiOS Local Admin Password Hash Leak Vulnerability

A read-only administrator may have access to read-write administrators password hashes not including super-admins stored on the appliance via the webui REST API , and may therefore be able to crack them...