350 matches found
CVE-2017-5996
The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions...
CVE-2017-5996
The CVE-2017-5996 issue affects Bomgar Remote Support: the agent in 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 is vulnerable to DLL hijacking due to weak permissions on %SYSTEMDRIVE%\ProgramData. This is a local privilege escalation exposure where an attacker could lever...
Mikogo 5.4.1.160608 - Local Credentials Disclosure Exploit
Exploit for windows platform in category local exploits !/usr/bin/env python Mikogo 5.4.1.160608 Local Credentials Disclosure Vendor: Snapview GmbH Product web page: https://www.mikogo.com Affected version: 5.4.1.160608 Summary: Mikogo is a desktop sharing software application for web conferencin...
QNAP HelpDesk SQL Injection(CVE-2017-13068)
Vulnerability Summary The following advisory describes a SQL injection found in QTS Helpdesk versions 1.1.12 and earlier. QNAP helpdesk: “Starting from QTS 4.2.2 you can use the built-in Helpdesk app to directly submit help requests to QNAP from your NAS. To do so, ensure your NAS can reach the...
QNAP HelpDesk 1.1.12 - SQL Injection
QNAP HelpDesk 1.1.12 - SQL Injection Vulnerability Summary The following advisory describes a SQL injection found in QTS Helpdesk versions 1.1.12 and earlier. QNAP helpdesk: “Starting from QTS 4.2.2 you can use the built-in Helpdesk app to directly submit help requests to QNAP from your NAS. To d...
QNAP HelpDesk < 1.1.12 - SQL Injection
Vulnerability Summary The following advisory describes a SQL injection found in QTS Helpdesk versions 1.1.12 and earlier. QNAP helpdesk: “Starting from QTS 4.2.2 you can use the built-in Helpdesk app to directly submit help requests to QNAP from your NAS. To do so, ensure your NAS can reach the...
Remote Support Tool Untrusted Search Path Vulnerability
Remote Support Tool Enkaku Support Tool is an Enkaku support tool from NIPPON TELEGRAPH AND TELEPHONE WEST, Japan. An untrustworthy search path vulnerability exists in versions of Remote Support Tool prior to August 10, 2017 . An attacker can exploit this vulnerability to gain privileges with the...
CVE-2017-10829
CVE-2017-10829 refers to an untrusted search path vulnerability in the Remote Support Tool (Enkaku Support Tool) installer from NTT East/West. The issue (CWE-427) arises from insecure DLL loading via the DLL search path, potentially allowing arbitrary code execution with the privileges of the use...
CVE-2017-10829
Untrusted search path vulnerability in Remote Support Tool Enkaku Support Tool All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
Installer of "Remote Support Tool (Enkaku Support Tool)" may insecurely load Dynamic Link Libraries
Overview Installer of "Remote Support Tool Enkaku Support Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili...
JVN#26115441: Installer of ”Remote Support Tool (Enkaku Support Tool)” may insecurely load Dynamic Link Libraries
Installer of ”Remote Support Tool Enkaku Support Tool” provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary...
Many Factors Conspire in ICS/SCADA Attacks
Critical infrastructure operators can’t be blamed for a perpetual case of whiplash. They are mired between hackers targeting internet-facing and air-gapped systems with equal precision, and vendors and management unwilling to properly tackle security for fear of downtime and incompatibility. “The...
AeroAdmin Man-in-the-Middle Attack Vulnerability
AeroAdmin is a free remote desktop software. The program is capable of encrypting the remote connection process, capable of remote file management. A security vulnerability exists in AeroAdmin version 4.1. An attacker can use this vulnerability to hijack updates and execute code on a device via a...
Bomgar Remote Support - Unauthenticated Code Execution (Metasploit)
Exploit for linux platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Bomgar Remote Support Unauthenticated Code Execution', 'Description' = %q Thi...
Bomgar Remote Support Unauthenticated Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Bomgar Remote Support Unauthenticated Code Execution', 'Description' = %q This module exploits a vulnerability in the Bomgar Remote...
Bomgar Remote Support - Code Execution (Metasploit)
Bomgar Remote Support - Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Bomgar Remote Support Unauthenticated Code Execution', 'Description' = %q This...
Bomgar Remote Support - Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Bomgar Remote Support Unauthenticated Code Execution', 'Description' = %q This module exploits a vulnerability in the Bomgar Remote...
Android devices frequently have pits: Certifi-gate vulnerability control-screen recording-vulnerability warning-the black bar safety net
! This month's black hat conference disclosure vulnerability Certifi-gate exposed android security repeatedly go wrong. The black bar safety net Encyclopedia: what is the Certifi-gate “Certifi-gate”is a vulnerability, this vulnerability exists in the Android phone remote support...
Google Pulls App Exploiting Certifi-Gate Vulnerability
A mobile application exploiting the so-called Certifi-gate vulnerability disclosed at Black Hat has been removed from the Google Play store. Though the number of downloads of Recordable Activator, a screen recorder app for Android devices, hovers between 100,000 and a half-million, researchers at...
"Certifi-Gate" Android Vulnerability Lets Hackers Take Complete Control of Your Device
Android users are busy fighting with Stagefright vulnerability while the popular mobile operating system faces another critical security vulnerability, dubbed as “Certifi-Gate”. Millions of Android devices could be hacked exploiting a plugin that comes pre-installed on your Android devices by the...