63 matches found
Huawei Emui and Magic UI Registration Tampering Vulnerability
Huawei Emui is a mobile operating system developed based on Android.Magic Ui is a mobile operating system developed based on Android. A security vulnerability exists in Huawei Emui and Magic UI, which can be exploited by attackers to modify registry values...
CVE-2020-27977
CapaSystems CapaInstaller before 6.0.101 does not properly assign, modify, or check privileges for an actor who attempts to edit registry values, allowing an attacker to escalate privileges...
Open redirect
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting ...
CVE-2020-10612
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting ...
How to Limit Parallel Disk Processing in Veeam Agent for Microsoft Windows
Purpose This article documents how to disable or limit parallel disk processing in Veeam Agent for Microsoft Windows. Solution The following registry values can used to control parallel disk processing on the machine where Veeam Agent for Microsoft Windows is installed: To disable parallel disk...
Windows Kernel 64-bit pool memory disclosure via REG_RESOURCE_LIST registry values (videoprt.sys descriptors)(CVE-2018-0899)
We have discovered a Windows kernel memory disclosure vulnerability through the body of "AllocConfig" registry values of type REGRESOURCELIST corresponding to devices handled by videoprt.sys, which can be found under HKLM\SYSTEM\CurrentControlSet\Enum\\Control\AllocConfig. The vulnerability...
Windows Kernel 64-bit pool memory disclosure via REG_RESOURCE_LIST registry values (CmResourceTypeDevicePrivate entries)(CVE-2018-0898)
We have discovered a Windows kernel memory disclosure vulnerability through the body of "AllocConfig" registry values of type REGRESOURCELIST, which can be found under HKLM\SYSTEM\CurrentControlSet\Enum\\Control\AllocConfig. The vulnerability affects 64-bit versions of Windows 7 to 10. The leak...
Microsoft .NET framework SOAP Moniker PrintClientProxy remote code execution vulnerability
Overview The Microsoft .NET framework fails to properly parse WSDL content, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The PrintClientProxy method in the WSDL-parsing component of the Microsoft .NET framework fails to properly...
McAfee LiveSafe (MLS) Man-in-the-Middle Attack Vulnerability
McAfee livesafe is defense against viruses and malware. A man-in-the-middle attack vulnerability exists in the McAfee livesafe non-certificate authentication mechanism implementation, which can be exploited by a remote attacker to submit a special request to modify Windows registry values...
Microsoft OLE URL Moniker improperly handles remotely-linked HTA data
Overview Microsoft OLE uses the URL Moniker to open application data based on the server-provided MIME type, which can allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft OLE uses the URL Moniker to processes remotely-linked content in ...
Windows FLR fails with "Failed to create or open file [C:\Windows\system32\config\systemprofile\"
Challenge When attempting to perform a Guest OS File Level Restore from a Windows Filesystem the mount Backup Browser displays the error: The system cannot find the path specified. Failed to create or open file C:\Windows\system32\config\systemprofile...\veeamflr-.flat. Agent failed to process...
Microsoft Internet Explorer CIERegistryHelper::SetSingleValue Sandbox Escape Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft Internet Explorer ISettingsBroker Sandbox Bypass Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage o...
SysExporter - Grab data from list-view, tree-view, combo box, WebBrowser control, and text-box
SysExporter utility allows you to grab the data stored in standard list-views, tree-views, list boxes, combo boxes, text-boxes, and WebBrowser/HTML controls from almost any application running on your system, and export it to text, HTML or XML file. Here's some examples for data that you can expo...
HP eSupportDiagnostics 1.0.11 'hpediag.dll' ActiveX Control Multiple Information Disclosure Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/26967/info The HP eSupportDiagnostics ActiveX control is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues by enticing an unsuspecting victim to visit a malicious HTML page...
Tape Jobs fail with I/O errors or (SCSI) Bus resets
Challenge Failures occur during the File to tape or Backup to tape jobs. The jobname.log shows error messages similar to: error: The request could not be performed because of an I/O device error error: Tape fatal error.\nThe I/O bus was reset Cause Depending on the type of connection, controller ...
Avira Secure Backup 1.0.0.1 Build 3616 - .reg Buffer Overflow
Avira Secure Backup 1.0.0.1 Build 3616 - .reg Buffer Overflow RCE Security Advisory http://www.rcesecurity.com 1. ADVISORY INFORMATION ----------------------- Product: Avira Secure Backup Vendor URL: www.avira.com Type: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-1...
How to Change the Settings Related to Veeam Backup & Replication Log Files
Purpose This article documents how to change settings regarding where log files are stored, how large an individual log file may become, and how many generations of log files are retained. Solution Log Files Stored on the Veeam Backup Server The following registry values must be created on the...
Latest IE Zero-Day Flaw Tied to Nitro Hackers and Recent Java Zero-Day Exploits
Security experts are warning enterprise and consumer users to stay away from Internet Explorer until Microsoft issues a patch for a new zero-day vulnerability in the browser. Active exploits have been discovered in the wild and are being linked to Nitro, the same group of hackers from China who...
Dell IT Assistant ActiveX information leakage
readRegVal allows registry values access...