53 matches found
CVE-2018-8219
An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...
CVE-2018-0152
A vulnerability in the web-based user interface web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability exists because the affected software does not reset the privilege level for each web UI session. An...
Cisco Patches Two Critical RCE Bugs in IOS XE Software
Three critical vulnerabilities were patched by Cisco Systems on Wednesday, each tied to the company’s widely used internetworking operating system IOS XE. Two of the bugs are remote code execution vulnerabilities that could allow an attacker to take control over affected systems. The critical bug...
CVE-2017-6167
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected...
CVE-2017-6167
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected...
Hypervisor code integrity elevation of privilege vulnerability: June 13, 2017
Hypervisor code integrity elevation of privilege vulnerability: June 13, 2017 Summary An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels. An attacker who successfully exploited this vulnerability could gain elevated...
Navetti PricePoint 4.6.0.0 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery
Navetti PricePoint 4.6.0.0 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery ======================================================================= title: Multiple vulnerabilities product: Navetti PricePoint vulnerable version: 4.6.0.0 fixed version: 4.7.0.0 or higher CVE number: -...
GUI Bugs Expose Information Disclosure, Privilege Escalation
Developers are creating countless information disclosure and privilege escalation vulnerabilities by misusing elements of various graphical user interfaces as a mechanisms for access control, according to a new research paper from the Northeastern University College of Computer and Information...
NEC Backdoor Administrative Account
H! NEC Corp. has a product line of high perfomance servers - http://www.nec.com.sg/index.php?q=products/enterprise-servers In the documentations it is said that there is two user privilege levels: 1. Common user - who can monitor the system status 2. Admin user - for configuring system hardware b...
USN-334-1: krb5 vulnerabilities
Michael Calmer and Marcus Meissner discovered that several krb5 tools did not check the return values from setuid system calls. On systems that have configured user process limits, it may be possible for an attacker to cause setuid to fail via resource starvation. In that situation, the tools wil...
CVE-2006-3595
The default configuration of IOS HTTP server in Cisco Router Web Setup CRWS before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190...
[NEWS] Directory Traversal Vulnerabilities in FTP Clients
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion Beyond Security would like to welcome Tiscali World Online to our service provider team. For more info on their service offering IP-Secure,...
Microsoft Windows 9598NT 4.0 - Help File Backdoor
Microsoft Windows 9598NT 4.0 - Help File Backdoor source: https://www.securityfocus.com/bid/868/info The help files for the Windows Help system .cnt, .hlp can be edited so that they run an arbitrary executable when selected by a user. The executable will run at the privelege level of the user. Th...