Information disclosure

An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'...

CVE-2020-0859

CVE-2020-0859 is described as an information disclosure vulnerability in Windows Modules Installer Service where file information could be disclosed. The primary details available: affected component is Windows Modules Installer Service; root cause and exact exploitation path are not elaborated i...

CVE-2020-0859

An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'...

Microsoft Windows Modules Installer Service Information Disclosure Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. The Modules Installer Service is one of the services that supports the installatio...

Sifter - A OSINT, Recon And Vulnerability Scanner

Sifter is a osint, recon & vulnerability scanner. It combines a plethara of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the 'blue' vulnerabilities within microsft and if unpatched, exploit...

CVE-2019-19279

CVE-2019-19279 affects Siemens SIPROTEC 4 and SIPROTEC Compact relays with EN100 Ethernet modules (all versions). The issue is caused by sending specially crafted packets to UDP port 50000, which can trigger a network-denial-of-service on the affected device. Recovery requires a manual reboot. At...

Privilege escalation

Modern DRAM chips DDR4 and LPDDR4 after 2015 are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh TRR, aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger bit...

ansible: secrets disclosed on logs when no_log enabled

Ansible was logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process...

Windows Modules Installer Service Information Disclosure Vulnerability

An information vulnerability exists when Windows Modules Installer Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read any file on the file system. To exploit the vulnerability, an attacker would have to log onto an affected...

KB4540670: Windows 10 Version 1607 and Windows Server 2016 March 2020 Security Update

The remote Windows host is missing security update 4540670. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations. An attacker who successfully exploited this vulnerability...

Node.js third-party modules: [Limited bypass of #793704] Blind SSRF in Ghost CMS

Blind SSRF vulnerability in Ghost allows for internal port scanning, or reading oembed contents from internal network...

Proton Framework - A Windows Post Exploitation Framework Similar To Other Penetration Testing Tools Such As Meterpreter And Powershell Invader Framework

About Proton Framework Proton Framework is a Windows post exploitation framework similar to other penetration testing tools such as Meterpreter and Powershell Invader Framework. The major difference is that the Proton Framework does most of its operations using Windows Script Host a.k.a...

npm: Arbitrary file write via constructed entry in the package.json bin field

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

npm: Symlink reference outside of node_modules folder through the bin field upon installation

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

npm: Symlink reference outside of node_modules folder through the bin field upon installation

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

EulerOS 2.0 SP8 : openldap (EulerOS-SA-2020-1169)

According to the versions of the openldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the...

npm: Symlink reference outside of node_modules folder through the bin field upon installation

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

CVE-2018-1000873

Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service DoS. This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the...

The vulnerability of the Windows Modules Installer service in Windows operating systems allows a hacker to gain unauthorized access to protected data.

The vulnerability of the Windows Modules Installer service in Windows operating systems is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected data through a specially created application...

CVE-2013-3551

Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System OTRS 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent...