
43 matches found

CNNVD
added 2021/05/18 12:0 a.m., 1 views

Bitdefender Endpoint Security Tool Security Vulnerability

Bitdefender Endpoint Security Tool is an endpoint security management tool from the Romanian company Bitdefender. A security vulnerability exists in versions prior to Bitdefender Endpoint Security Tools 6.6.23.320, which stems from the presence of improper access control that allows a normal user...

4 CVSS, 4.9 AI score, 0.00113 EPSS
Exploits 0, References 2

Prion
added 2020/07/21 5:15 p.m., 16 views

Improper access control

An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' = 'admin'" instead of "'middleware' = 'can:admin'" in routes/web.php...

6.5 CVSS, 8.7 AI score, 0.00044 EPSS
Exploits 1, References 6, Affected Software 1

OSV
added 2019/11/20 4:15 p.m., 0 views

CVE-2019-5542

VMware Workstation 15.x before 15.5.1 and Fusion 11.x before 11.5.1 contain a denial-of-service vulnerability in the RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM...

7.7 CVSS, 7.1 AI score
Exploits 0, References 1

OSV
added 2019/10/17 6:15 p.m., 2 views

CVE-2019-17118

A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as (1) create or delete admin users; (2) create or delete groups; or (3) create, delete, enable, or disable normal users or devices...

8.8 CVSS, 7.3 AI score, 0.00342 EPSS
Exploits 3, References 4

Cvelist
added 2019/10/17 5:59 p.m., 10 views

CVE-2019-17118

A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as (1) create or delete admin users; (2) create or delete groups; or (3) create, delete, enable, or disable normal users or devices...

8.6 AI score, 0.00342 EPSS
Exploits 3, References 4

0day.today
added 2019/07/14 12:0 a.m., 99 views

Microsoft Windows Task Scheduler Privilege Escalation Vulnerability

Microsoft Windows Task Scheduler suffers from a local privilege escalation vulnerability. The Windows MMC auto-elevates members of the 'administrators' group via the GUI and MMC snap-ins via mmc.exe automatically elevate without prompting UAC potentially leading to unintentional elevation of...

0.4 AI score
Exploits 0

Prion
added 2019/06/19 4:15 p.m., 10 views

XXE

An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind since the response...

6.5 CVSS, 9.2 AI score, 0.00653 EPSS
Exploits 1, References 3, Affected Software 1

Cvelist
added 2019/06/19 4:0 p.m., 13 views

CVE-2018-18406

An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind since the response...

6.8 AI score, 0.00653 EPSS
Exploits 1, References 3

OSV
added 2018/10/17 5:21 p.m., 18 views

GHSA-V7MF-QGXF-QMVF Apache Ranger admin users can store some arbitrary javascript code to be executed when normal users login and access policies

Apache Ranger before 0.6.3 is vulnerable to stored cross-site scripting when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies...

4.8 CVSS, 5 AI score, 0.00206 EPSS
Exploits 0, References 4

ThreatPost
added 2017/07/24 9:0 a.m., 10 views

macOS Fruitfly Backdoor Analysis Renders New Spying Capabilities

LAS VEGAS—The FruitFly backdoor became a known entity in January, but it’s a good bet that for years it had been in the wild, undetected by analysts and security software. The macOS and OS X malware has a number of insidious spying capabilities that would make anyone uneasy, and a variant recentl...

7.3 AI score
Exploits 0, References 3

Prion
added 2017/06/14 5:29 p.m., 19 views

Cross site scripting

Apache Ranger before 0.6.3 is vulnerable to stored cross-site scripting when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies...

3.5 CVSS, 6.3 AI score, 0.00206 EPSS
Exploits 0, References 2, Affected Software 1

NVD
added 2017/06/14 5:29 p.m., 18 views

CVE-2016-8751

Apache Ranger before 0.6.3 is vulnerable to stored cross-site scripting when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies...

4.8 CVSS, 4.9 AI score, 0.00206 EPSS
Exploits 0, References 2

OSV
added 2017/06/14 5:29 p.m., 14 views

CVE-2016-8751

Apache Ranger before 0.6.3 is vulnerable to stored cross-site scripting when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies...

4.8 CVSS, 6.1 AI score
Exploits 0, References 2

Cvelist
added 2017/06/14 5:0 p.m., 24 views

CVE-2016-8751

Apache Ranger before 0.6.3 is vulnerable to stored cross-site scripting when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies...

5.1 AI score, 0.00206 EPSS
Exploits 0, References 2

Veracode
added 2017/03/09 4:36 a.m., 15 views

Stored Cross-Site Scripting (XSS)

Apache Ranger is vulnerable to stored cross-site scripting (XSS) attacks. When entering custom policy conditions, admin users can store some arbitrary javascript code to be executed when normal users login and access policies...

4.8 CVSS, 5.2 AI score, 0.00206 EPSS
Exploits 0, References 2, Affected Software 1

Kitploit
added 2016/02/23 10:0 p.m., 25 views

Audit CouchDB - The Simple, Clear, CouchDB Security Assessment

Audit CouchDB is a simple tool with a powerful message. Given an Apache CouchDB URL, it will tell you everything you ever wanted to know about its security. Objective Audit CouchDB will perform the following actions: 1. Learn every possible fact about the couch, for example: What is the server...

7 AI score
Exploits 0, References 3

Fedora
added 2013/05/30 2:58 a.m., 14 views

[SECURITY] Fedora 18 Update: pmount-0.9.23-4.fc18

pmount ("policy mount") is a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry. Be warned that pmount is installed setuid root...

2.8 AI score
Exploits 0

OpenVAS
added 2010/12/02 12:0 a.m., 11 views

Mandriva Update for kolab-webadmin MDVA-2010:230 (kolab-webadmin)

Check for the Version of kolab-webadmin. OpenVAS Vulnerability Test. Mandriva Update for kolab-webadmin MDVA-2010:230 (kolab-webadmin). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

7.1 AI score
Exploits 0, References 2

Packet Storm
added 2009/09/04 12:0 a.m., 22 views

Microsoft IIS FTPd Denial Of Service

MS IIS FTPD DoS ZER0DAY There is a DoS vulnerability in the globbing functionality of IIS FTPD. Anonymous users can exploit this if they have read access to a directory!!! Normal users can exploit this too if they can read a directory. Example session where the anonymous user has read access to t...

7.4 AI score
Exploits 0

exploitpack
added 2009/09/04 12:0 a.m., 13 views

Microsoft IIS 5.0/6.0 FTP Server - Stack Exhaustion Denial of Service

Microsoft IIS 5.0/6.0 FTP Server - Stack Exhaustion Denial of Service MS IIS FTPD DoS ZER0DAY There is a DoS vulnerability in the globbing functionality of IIS FTPD. Anonymous users can exploit this if they have read access to a directory!!! Normal users can exploit this too if they can read a...

0.4 AI score
Exploits 0