135 matches found
PT-2025-36725
Name of the Vulnerable Software and Affected Versions: EN4TR devices affected versions not specified Description: A security issue exists in the protected mode of EN4TR devices. Sending specifically crafted messages during a Forward Close operation can cause the device to crash. Recommendations: ...
CVE-2012-1545
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service memory corruption by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012...
Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d Authentication Bypass Using an Alternate Path or Channel (CVE-2023-4957)
A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the...
Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION : Exploitable with adjacent access/low attack complexity Vendor : Zebra Technologies Equipment : ZTC Industrial ZT410, ZTC Desktop GK420d Vulnerability : Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful...
CVE-2023-4957
A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the...
Authentication flaw
A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the...
CVE-2023-4957
CVE-2023-4957 affects Zebra Technologies ZTC industrial printers (ZT410) and GK420d desktop models. A authentication-bypass flaw allows an attacker on the same network to alter web-page credentials by sending a crafted POST to setvarsResults.cgi when the printer’s protected mode is disabled. Repo...
CVE-2023-4957 Authentication Bypass on Zebra ZTC
A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the...
SUSE CVE-2015-3081
Race condition in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to bypass the Internet...
SUSE CVE-2018-5165
In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to...
CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction
At the end of May, researchers from the naosec team reported a new zero-day vulnerability in Microsoft Support Diagnostic Tool MSDT that can be exploited using Microsoft Office documents. It allowed attackers to remotely execute code on Windows systems, while the victim could not even open the...
Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability
In August, Microsoft Threat Intelligence Center MSTIC identified a small number of attacks less than 10 that attempted to exploit a remote code execution vulnerability in MSHTML using specially crafted Microsoft Office documents. These attacks used the vulnerability, tracked as CVE-2021-40444, as...
Microsoft Internet Explorer 11 Use-After-Free
Exploit Title: Internet Explorer 11 - Use-After-Free Google Dork: if applicable Date: 2020-09-06 Exploit Author: Tgroup Vendor Homepage: Microsoft.com Version: IE 11 REQUIRED Tested on: Windows 7 x64 CVE : CVE-2020-0674 //...
The vulnerability of the “Enable Adobe Flash protected mode” parameter in the Adobe Flash plugin for the Firefox ESR browser allows a hacker to bypass existing security restrictions.
The vulnerability of the “Enable Adobe Flash protected mode” parameter in the Adobe Flash plugin for the Firefox ESR browser is related to privilege management errors. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions remotely...
Microsoft Windows: Shell protocol protected mode
This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only...
CVE-2018-5165
In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to...
Mozilla Firefox Security Bypass Vulnerability (CNVD-2018-11790)
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 60, which originates from the program's failure to detect the Adobe Flash plug-in setting used to 'turn on Adobe Flash...
KLA11246 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, gain privileges, execute arbitrary code, perform XSS attacks and bypass security restrictions. Below is a complete list ...
Attackers Exploiting Unpatched Flaw in Flash
Adobe warned on Thursday that attackers are exploiting a previously unknown security hole in its Flash Player software to break into Microsoft Windows computers. Adobe said it plans to issue a fix for the flaw in the next few days, but now might be a good time to check your exposure to this...
Microsoft Windows jscript!RegExpComp::Compile Heap Overflow Exploit
There is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors. Windows: Heap overflow in jscript!RegExpComp::Compile through IE or local network via WPAD CVE-2017-11890 There is a heap overflow in jscript.dll when compiling a...