1065 matches found
Enalean Tuleap 7.2 - XML External Entity File Disclosure
Enalean Tuleap 7.2 - XML External Entity File Disclosure Vulnerability title: Tuleap = 7.2 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 7.2 and earlier Fixed version: 7.4.99.5 Reported by: Jerzy Kramarz Details: A multiple XM...
Enalean Tuleap 7.2 - XML External Entity File Disclosure
Vulnerability title: Tuleap = 7.2 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 7.2 and earlier Fixed version: 7.4.99.5 Reported by: Jerzy Kramarz Details: A multiple XML External Entity Injection has been found and confirmed...
Microsoft Windows Task Scheduler Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker may exploit this issue to execute arbitrary code with the Local system account. Successful exploits will result in the complete compromise of affected computers. Technologies Affected Microsoft...
Microsoft IIS 4/5 SSI Buffer Overrun Privelege Elevation
No description provided by source. source: http://www.securityfocus.com/bid/3190/info A vulnerability exists in Microsoft IIS 4.0 and 5.0 that could allow a user with permission to write content to the IIS server to run any code in Local System context. / jim.c - IIS Server Side Include exploit b...
Microsoft Internet Explorer 5/6 Object Type Validation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8456/info The problem occurs when Internet Explorer receives a response from the server when a web page containing an object tag is parsed. Successful exploitation of this vulnerability could allow a malicious object to b...
CylantSecure 1.0 Kernel Module Syscall Rerouting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2958/info CylantSecure is a commercial Linux hardening tool and security infrastructure available from Cylant Technology. A problem in the CylantSecure infrastructure could allow users to escape monitoring. A user with ro...
sash <= 3.7 - Local Buffer Overflow Exploit
No description provided by source. / sash-3.7 buffer overflow in c argyment written by lammat for practice purposes http://grpower.ath.cx [email protected] gdb r -c perl -e 'print Ax10256' The program being debugged has been started already. Start it from the beginning? y or n y Starting program:...
HP OpenView Radia Management Portal 1.0/2.0 - Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13414/info A remote command execution vulnerability affects HP OpenView Radia Management Portal. This issue is due to a failure of the application to properly secure access to critical functionality. This is due to a...
PHP-Proxima autohtml.PHP Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7598/info A vulnerability has been reported for PHP-Proxima. The problem occurs in the autohtml.php script. Specifically, the script fails to verify the contents of a user-supplied variable before including a specified fi...
Nessus 2.0.x LibNASL Arbitrary Code Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7664/info Nessus has reported that various flaws have been discovered in the 'libnasl' library used by the Nessus application. As a result, a malicious NASL script may be able to break outside of the established sandbox...
Microsoft Internet Explorer 5 XML Page Object Type Validation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8565/info Internet Explorer does not properly handle object types, when rendering XML based web sites. This may result in the possibility of the execution of malicious software. The problem occurs when Internet Explorer...
HP Compaq Insight Management Agent 5.0 Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8336/info The Compaq Management Agent HTTP server is vulnerable to a format string issue. A remote attacker may be able to exploit this vulnerability in order to execute arbitrary code with Local System privileges. $ prin...
MS14-027: Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege (2962488)
A privilege escalation vulnerability exists on the remote Windows host due to improper handling of file associations. A local attacker could exploit this vulnerability to execute arbitrary code on the remote host under the privileges of the Local System account. C Tenable Network Security, Inc...
[security bulletin] HPSBUX03001 SSRT101382 rev.1 - HP-UX Whitelisting (WLI), Local System Integrity Risk
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04227671 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04227671 Version: 1 HPSBUX03001...
Microsoft Windows NDPROXY Local SYSTEM Privilege Escalation
NDPROXY Local SYSTEM privilege escalation http://www.offensive-security.com Tested on Windows XP SP3 http://www.offensive-security.com/vulndev/ndproxy-local-system-exploit-cve-2013-5065/ Original crash ... null pointer dereference Access violation - code c0000005 !!! second chance !!! 00000038 ??...
NDPROXY Local SYSTEM Privilege Escalation
Usage Info Original crash ... null pointer dereference Access violation - code c0000005 !!! second chance !!! 00000038 ?? ??? from ctypes import from ctypes.wintypes import import os, sys kernel32 = windll.kernel32 ntdll = windll.ntdll GENERICREAD = 0x80000000 GENERICWRITE = 0x40000000...
Mozilla Updater does not lock MAR file after signature verification — Mozilla
Security researcher Seb Patane reported that the Mozilla Updater does not write-lock the MAR update file when it is in use by the Updater. This leaves open the possibility of altering the contents of the MAR file after the signature on the file has been verified as valid but before it has been...
AVAST Universal Core Installer - Multiple Vulnerabilities
Title: ====== AVAST Universal Core Installer - Multiple Vulnerabilities Date: ===== 2013-06-28 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=966 VL-ID: ===== 965 Common Vulnerability Scoring System: ==================================== 4.2 Introduction: =============...
Microsoft Antimalware privilege escalation
It's possible to execute code with local system rights...
Privilege escalation through Mozilla Updater — Mozilla
Security researcher Ash reported an issue with the Mozilla Updater. The Mozilla Updater can be made to load a malicious local DLL file in a privileged context through either the Mozilla Maintenance Service or independently on systems that do not use the service. This occurs when the DLL file is...