CVE-2019-11696

CVE-2019-11696 affects Mozilla Firefox before 67.0. Files with the .JNLP extension used for Java Web Start are not treated as executable content during download prompts, yet they can be executed if Java is present, enabling a user to inadvertently launch a local executable. Impact details in conn...

Microsoft Windows SAM user enumeration

Using the domain security identifier SID, Nessus was able to enumerate the domain users on the remote Windows system using the Security Accounts Manager. Note: Unable to obtain SMB SAMR user data during Agent scans. Rendering User data obtained by plugin 171956 C Tenable Network Security, Inc...

Security update for GraphicsMagick (moderate)

openSUSE Security Update: Security update for GraphicsMagick Announcement ID: openSUSE-SU-2019:1623-1 Rating: moderate References: 1138425 Affected Products: openSUSE Backports SLE-15 An update that contains security fixes can now be installed. Description: This update for GraphicsMagick fixes th...

Pronestor Health Monitoring 8.1.11.0 - Privilege Escalation

Pronestor Health Monitoring 8.1.11.0 - Privilege Escalation Summary The Pronestor service "PNHM" aka Health Monitoring or HealthMonitor before 8.1.12.0 has "BUILTIN\Users:IF" permissions for the "%PROGRAMFILESX86%\proNestor\Outlook add-in for Pronestor\PronestorHealthMonitor.exe" file, which allo...

Iperius Backup 6.1.0 - Privilege Escalation

Iperius Backup 6.1.0 - Privilege Escalation Exploit Author: bzyo Twitter: @bzyo Exploit Title: Iperius Backup 6.1.0 - Privilege Escalation Date: 04-24-19 Vulnerable Software: Iperius Backup 6.1.0 Vendor Homepage: https://www.iperiusbackup.com/ Version: 6.1.0 Software Link:...

Iperius Backup 6.1.0 Privilege Escalation

Exploit Author: bzyo Twitter: @bzyo Exploit Title: Iperius Backup 6.1.0 - Privilege Escalation Date: 04-24-19 Vulnerable Software: Iperius Backup 6.1.0 Vendor Homepage: https://www.iperiusbackup.com/ Version: 6.1.0 Software Link: https://www.iperiusbackup.com/download.aspx Tested on: Windows 10 x...

Iperius Backup 6.1.0 - Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits Exploit Author: bzyo Twitter: @bzyo Exploit Title: Iperius Backup 6.1.0 - Privilege Escalation Date: 04-24-19 Vulnerable Software: Iperius Backup 6.1.0 Vendor Homepage: https://www.iperiusbackup.com/ Version: 6.1.0 Software Link:...

Iperius Backup 6.1.0 - Privilege Escalation

Exploit Author: bzyo Twitter: @bzyo Exploit Title: Iperius Backup 6.1.0 - Privilege Escalation Date: 04-24-19 Vulnerable Software: Iperius Backup 6.1.0 Vendor Homepage: https://www.iperiusbackup.com/ Version: 6.1.0 Software Link: https://www.iperiusbackup.com/download.aspx Tested on: Windows 10 x...

NSClient++ 0.5.2.35 - Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits Exploit Author: bzyo Twitter: @bzyo Exploit Title: NSClient++ 0.5.2.35 - Privilege Escalation Vulnerable Software: NSClient++ 0.5.2.35 Vendor Homepage: http://nsclient.org/ Version: 0.5.2.35 Software Link: http://nsclient.org/download/ Teste...

NSClient++ 0.5.2.35 - Privilege Escalation

NSClient++ 0.5.2.35 - Privilege Escalation Exploit Author: bzyo Twitter: @bzyo Exploit Title: NSClient++ 0.5.2.35 - Privilege Escalation Date: 05-05-19 Vulnerable Software: NSClient++ 0.5.2.35 Vendor Homepage: http://nsclient.org/ Version: 0.5.2.35 Software Link: http://nsclient.org/download/...

NSClient++ 0.5.2.35 - Privilege Escalation

Exploit Author: bzyo Twitter: @bzyo Exploit Title: NSClient++ 0.5.2.35 - Privilege Escalation Date: 05-05-19 Vulnerable Software: NSClient++ 0.5.2.35 Vendor Homepage: http://nsclient.org/ Version: 0.5.2.35 Software Link: http://nsclient.org/download/ Tested on: Windows 10 x64 Details: When...

Pulse Secure Pulse Connect Secure Path Traversal Vulnerability

Pulse Secure Pulse Connect Secure a.k.a. PCS, formerly known as Juniper Junos Pulse is a suite of SSL VPN solutions from Pulse Secure in the United States. A security vulnerability exists in Network File Share NFS in Pulse Secure PCS. An attacker could exploit this vulnerability to write arbitrar...

CB TAU Threat Intelligence Notification: HopLight Campaign (Linked to North Korea) is Reusing Substantial Amount of Code

On April 10, 2019 the US Department of Homeland Security DHS released a Malware Analysis Report MAR-10135536-8 which detailed the trojan HopLight. HopLight has been linked to different North Korean DPRK campaigns also known as the Lazarus Group. The CB Threat Analysis Unit TAU has continued to...

Zoho ManageEngine ADManager Plus 6.6 (Build 6659) - Privilege Escalation

Zoho ManageEngine ADManager Plus 6.6 Build 6659 - Privilege Escalation Exploit Title: Zoho ManageEngine ADManager Plus 6.6 Build 6659 Privilege Escalation Date: 15th April 2019 Exploit Author: Digital Interruption Vendor Homepage: https://www.manageengine.co.uk/ Version: 6.6 Build 6658 Tested on:...

Zoho ManageEngine ADManager Plus 6.6 (Build < 6659) - Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits Exploit Title: Zoho ManageEngine ADManager Plus 6.6 Build 6659 Privilege Escalation Exploit Author: Digital Interruption Vendor Homepage: https://www.manageengine.co.uk/ Version: 6.6 Build 6658 Tested on: Windows Server 2012 R2 CVE :...

Zoho ManageEngine ADManager Plus 6.6 (Build &lt; 6659) - Privilege Escalation

Exploit Title: Zoho ManageEngine ADManager Plus 6.6 Build 6659 Privilege Escalation Date: 15th April 2019 Exploit Author: Digital Interruption Vendor Homepage: https://www.manageengine.co.uk/ Version: 6.6 Build 6658 Tested on: Windows Server 2012 R2 CVE : CVE-2018-19374 Due to weak permissions...

Microsoft Windows and Microsoft Windows Server Elevation of Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. A privilege-lifting vulnerability exists in Microsoft Windows that stems from Windows'...

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver luafv.sys. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change...

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver luafv.sys. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change...

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver luafv.sys. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change...