Trend Micro Control Manager ProductTree_TreeManagement1 XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...

Trend Micro Control Manager cgiCMUIDispatcher Login Token SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within processing of...

Trend Micro Control Manager RestfulServiceUtility.NET SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the Investigate endpoint in RestfulServiceUtility.NET.dll. The issue results...

Trend Micro Control Manager RestfulServiceUtility.NET SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the SupportTree endpoint in RestfulServiceUtility.NET.dll. The issue results...

Microsoft Windows SeImpersonatePrivilege - Local Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28833/info Microsoft Windows is prone to a privilege-escalation vulnerability. Successful exploits may allow authenticated users to elevate their privileges to NetworkService. This allows attackers to execute code with...

Microsoft DNS Resolution Remote Code Execution Vulnerability (2509553)

This host is missing a critical security update according to Microsoft Bulletin MS11-030. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft DNS Resolution Remote Code Execution Vulnerability (2509553)

This host is missing a critical security update according to Microsoft Bulletin MS11-030. OpenVAS Vulnerability Test $Id: secpodms11-030.nasl 8724 2018-02-08 15:02:56Z cfischer $ Microsoft DNS Resolution Remote Code Execution Vulnerability 2509553 Authors: Veerendra GG Copyright: Copyright c 2011...

MS11-030: Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)

A flaw in the way the installed Windows DNS client processes Link- local Multicast Name Resolution LLMNR queries can be exploited to execute arbitrary code in the context of the NetworkService account. Note that Windows XP and 2003 do not support LLMNR and successful exploitation on those platfor...

Microsoft Windows远程过程调用子系统本地权限提升漏洞（MS10-084）

BUGTRAQ ID: 43777 CVE ID: CVE-2010-3222 Microsoft Windows是微软发布的非常流行的操作系统。 运行在NetworkService账号环境下的远程过程调用子系统（RPCSS）中在LPC与LRPC Server（RPC端点映射器）之间交换端口消息存在栈溢出漏洞。本地应用程序可以使用LPC请求LPC服务器通过LRPC回连到客户端，而请求中的特制数据可以触发栈溢出，允许通过认证的用户访问在NetworkService账号环境中所运行的资源。 Microsoft Windows XP SP3 Microsoft Windows XP Pro...

Windows Local Procedure Call Privilege Elevation Vulnerability (2360937)

This host is missing a critical security update according to Microsoft Bulletin MS10-084. OpenVAS Vulnerability Test $Id: secpodms10-084.nasl 5361 2017-02-20 11:57:13Z cfi $ Windows Local Procedure Call Privilege Elevation Vulnerability 2360937 Authors: Madhuri D Copyright c 2010 SecPod,...

Microsoft Windows - Local Procedure Call (LPC) Privilege Escalation

Microsoft Windows - Local Procedure Call LPC Privilege Escalation // source: https://www.securityfocus.com/bid/43860/info Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code and elevate their privileges to the...

CVE-2010-1886

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes...

Cross site scripting

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes...

CVE-2010-1886

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes...

CVE-2010-1886

CVE-2010-1886 represents a local privilege-escalation issue in Windows where an attacker with access to a process running under the NetworkService account can gain LocalSystem privileges via the Windows Service Isolation mechanism. Documented vectors involve the TAPI Server and other services suc...

Microsoft Windows Service Isolation Bypass Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Successful exploits may allow attackers to elevate their privileges from NetworkService to LocalSystem, which would facilitate the complete compromise of affected computers. Technologies Affected Microsoft Windo...

Microsoft Windows WMI服务隔离本地权限提升漏洞（MS09-012）

BUGTRAQ ID: 34442 CVECAN ID: CVE-2009-0078 Microsoft Windows是微软发布的非常流行的操作系统。 Windows管理规范（WMI）提供程序没有正确地隔离NetworkService或LocalService帐号下运行的进程，同一帐号下运行的两个独立进程可以完全访问对方的文件句柄、注册表项等资源。WMI提供程序主机进程在某些情况下会持有SYSTEM令牌，如果攻击者可以以...

CVE-2009-0078

The Windows Management Instrumentation WMI provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that 1 all run under the NetworkService account or 2 all run under the...

CVE-2009-0080

The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that 1 all run under the NetworkService account or 2 all run under the LocalService account, which allows local users to gain privileges by leveraging...

CVE-2009-0079

CVE-2009-0079 affects Windows XP (SP2/SP3) and Windows Server 2003 (SP1/SP2). The vulnerability is a failure to isolate multiple RPCSS processes that run under the same account (NetworkService or LocalService), allowing a local user to escalate privileges by accessing resources of sibling RPCSS p...