350 matches found

Cvelist
added 2017/10/26 6:0 p.m. | 19 views

CVE-2017-5996

The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions...

AI score: 7.7 | EPSS: 0.013
Exploits: 1 | References: 2

CVE
added 2017/10/26 6:0 p.m. | 56 views

CVE-2017-5996

The CVE-2017-5996 issue affects Bomgar Remote Support: the agent in 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 is vulnerable to DLL hijacking due to weak permissions on %SYSTEMDRIVE%\ProgramData. This is a local privilege escalation exposure where an attacker could lever...

CVSS: 9.3 | AI score: 7.6 | EPSS: 0.013
Exploits: 1 | References: 2 | Affected Software: 1

0day.today
added 2017/10/24 12:0 a.m. | 25 views

Mikogo 5.4.1.160608 - Local Credentials Disclosure Exploit

Exploit for windows platform in category local exploits !/usr/bin/env python Mikogo 5.4.1.160608 Local Credentials Disclosure Vendor: Snapview GmbH Product web page: https://www.mikogo.com Affected version: 5.4.1.160608 Summary: Mikogo is a desktop sharing software application for web conferencin...

AI score: 6.8
Exploits: 0

seebug.org
added 2017/10/11 12:0 a.m. | 47 views

QNAP HelpDesk SQL Injection(CVE-2017-13068)

Vulnerability Summary The following advisory describes a SQL injection found in QTS Helpdesk versions 1.1.12 and earlier. QNAP helpdesk: “Starting from QTS 4.2.2 you can use the built-in Helpdesk app to directly submit help requests to QNAP from your NAS. To do so, ensure your NAS can reach the...

CVSS: 5 | AI score: 8.5 | EPSS: 0.02577
Exploits: 3

exploitpack
added 2017/10/09 12:0 a.m. | 38 views

QNAP HelpDesk 1.1.12 - SQL Injection

QNAP HelpDesk 1.1.12 - SQL Injection Vulnerability Summary The following advisory describes a SQL injection found in QTS Helpdesk versions 1.1.12 and earlier. QNAP helpdesk: “Starting from QTS 4.2.2 you can use the built-in Helpdesk app to directly submit help requests to QNAP from your NAS. To d...

CVSS: 5 | AI score: 0.4 | EPSS: 0.02577
Exploits: 3

Exploit DB
added 2017/10/09 12:0 a.m. | 52 views

QNAP HelpDesk < 1.1.12 - SQL Injection

Vulnerability Summary The following advisory describes a SQL injection found in QTS Helpdesk versions 1.1.12 and earlier. QNAP helpdesk: “Starting from QTS 4.2.2 you can use the built-in Helpdesk app to directly submit help requests to QNAP from your NAS. To do so, ensure your NAS can reach the...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.02577
Exploits: 3

CNVD
added 2017/09/06 12:0 a.m. | 4 views

Remote Support Tool Untrusted Search Path Vulnerability

Remote Support Tool Enkaku Support Tool is an Enkaku support tool from NIPPON TELEGRAPH AND TELEPHONE WEST, Japan. An untrustworthy search path vulnerability exists in versions of Remote Support Tool prior to August 10, 2017. An attacker can exploit this vulnerability to gain privileges with the...

CVSS: 9.3 | AI score: 7.9 | EPSS: 0.01231
Exploits: 0 | References: 1

CVE
added 2017/09/01 2:0 p.m. | 49 views

CVE-2017-10829

CVE-2017-10829 refers to an untrusted search path vulnerability in the Remote Support Tool (Enkaku Support Tool) installer from NTT East/West. The issue (CWE-427) arises from insecure DLL loading via the DLL search path, potentially allowing arbitrary code execution with the privileges of the use...

CVSS: 9.3 | AI score: 7.7 | EPSS: 0.01231
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2017/09/01 2:0 p.m. | 18 views

CVE-2017-10829

Untrusted search path vulnerability in Remote Support Tool Enkaku Support Tool All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

AI score: 7.8 | EPSS: 0.01231
Exploits: 0 | References: 3

Japan Vulnerability Notes
added 2017/08/30 6:10 a.m. | 3 views

Installer of "Remote Support Tool (Enkaku Support Tool)" may insecurely load Dynamic Link Libraries

Overview Installer of "Remote Support Tool Enkaku Support Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili...

CVSS: 9.3 | AI score: 6.8 | EPSS: 0.01231
Exploits: 0 | References: 7

Japan Vulnerability Notes
added 2017/08/30 12:0 a.m. | 54 views

JVN#26115441: Installer of ”Remote Support Tool (Enkaku Support Tool)” may insecurely load Dynamic Link Libraries

Installer of ”Remote Support Tool Enkaku Support Tool” provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary...

CVSS: 9.3 | AI score: 7.7 | EPSS: 0.01231
Exploits: 0

ThreatPost
added 2017/08/11 1:57 p.m. | 18 views

Many Factors Conspire in ICS/SCADA Attacks

Critical infrastructure operators can’t be blamed for a perpetual case of whiplash. They are mired between hackers targeting internet-facing and air-gapped systems with equal precision, and vendors and management unwilling to properly tackle security for fear of downtime and incompatibility. “The...

AI score: 0.8
Exploits: 0 | References: 1

CNVD
added 2017/07/03 12:0 a.m. | 2 views

AeroAdmin Man-in-the-Middle Attack Vulnerability

AeroAdmin is a free remote desktop software. The program is capable of encrypting the remote connection process, capable of remote file management. A security vulnerability exists in AeroAdmin version 4.1. An attacker can use this vulnerability to hijack updates and execute code on a device via a...

CVSS: 8.1 | AI score: 7.4 | EPSS: 0.0158
Exploits: 1 | References: 1

0day.today
added 2016/06/15 12:0 a.m. | 49 views

Bomgar Remote Support - Unauthenticated Code Execution (Metasploit)

Exploit for linux platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Bomgar Remote Support Unauthenticated Code Execution', 'Description' = %q Thi...

AI score: 7.1 | EPSS: 0.05869
Exploits: 4

Packet Storm
added 2016/06/15 12:0 a.m. | 49 views

Bomgar Remote Support Unauthenticated Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Bomgar Remote Support Unauthenticated Code Execution', 'Description' = %q This module exploits a vulnerability in the Bomgar Remote...

CVSS: 7.5 | AI score: 0.1 | EPSS: 0.05869
Exploits: 4

exploitpack
added 2016/06/15 12:0 a.m. | 27 views

Bomgar Remote Support - Code Execution (Metasploit)

Bomgar Remote Support - Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Bomgar Remote Support Unauthenticated Code Execution', 'Description' = %q This...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.05869
Exploits: 4

Exploit DB
added 2016/06/15 12:0 a.m. | 154 views

Bomgar Remote Support - Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Bomgar Remote Support Unauthenticated Code Execution', 'Description' = %q This module exploits a vulnerability in the Bomgar Remote...

CVSS: 7.5 | AI score: 7 | EPSS: 0.05869
Exploits: 4

myhack58
added 2015/08/28 12:0 a.m. | 19 views

Android devices frequently have pits: Certifi-gate vulnerability control-screen recording-vulnerability warning-the black bar safety net

! This month's black hat conference disclosure vulnerability Certifi-gate exposed android security repeatedly go wrong. The black bar safety net Encyclopedia: what is the Certifi-gate “Certifi-gate”is a vulnerability, this vulnerability exists in the Android phone remote support...

AI score: 1.1
Exploits: 0

ThreatPost
added 2015/08/25 2:55 p.m. | 11 views

Google Pulls App Exploiting Certifi-Gate Vulnerability

A mobile application exploiting the so-called Certifi-gate vulnerability disclosed at Black Hat has been removed from the Google Play store. Though the number of downloads of Recordable Activator, a screen recorder app for Android devices, hovers between 100,000 and a half-million, researchers at...

AI score: 1.4
Exploits: 0 | References: 2

The Hacker News
added 2015/08/07 5:25 a.m. | 29 views

"Certifi-Gate" Android Vulnerability Lets Hackers Take Complete Control of Your Device

Android users are busy fighting with Stagefright vulnerability while the popular mobile operating system faces another critical security vulnerability, dubbed as “Certifi-Gate”. Millions of Android devices could be hacked exploiting a plugin that comes pre-installed on your Android devices by the...

AI score: 6.8
Exploits: 0