60 matches found
Denial of service
A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations...
CVE-2019-8463
A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations...
The vulnerability of the Endpoint Security Initial Client for Windows clients involves a lack of mechanisms for secure loading of DLL libraries, allowing attackers to exploit their privileges.
The vulnerability of Endpoint Security Initial Client for Windows involves a lack of a secure loading mechanism for DLL libraries. Exploiting this vulnerability allows an attacker to enhance their privileges by executing malicious software...
Siemens Industrial Products Local Privilege Escalation Vulnerability (Update I)
1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable locally Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper privilege management 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-16-313-02 Siemens Industrial Products Local...
CVE-2019-8458
Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software...
CVE-2019-8454
A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the syste...
CVE-2019-8454
A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the syste...
Hardcoded credentials
A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gain...
Vulnerability in client (CVE-2018-10915)
Certain host connection parameters defeat client-side security defenses...
JXBrowser JavaScript-Java bridge in the RCE vulnerability-vulnerability warning-the black bar safety net
I recently was studying how to use JXBrowser to achieve a set of experimental scanning techniques. When I use JXBrowser library in the process, I suddenly thought, whether it can be by calling different classes to attack the JXBrowser client, and through a Web page to achieve remote code executio...
New Citadel Trojan Targets Your Password Managers
Unless we are a human supercomputer, remembering password is not an easy task and that too, if you have a different password for every different site. But luckily to make the whole process easy, there is a growing market for password managers which provides an extra layer of protection. Wait! Wai...
Citadel Variant Targets Password Managers
The Citadel Trojan has once again branched out beyond its roots as banking malware and is now targeting the master passwords guarding major password management products. Researchers from IBM Trusteer today said they’ve notified makers of the nexus Personal Security Client, Password Safe and KeePa...
Checkpoint VPN - Priviledge Escalation
It appears this bug has gone unoticed to vulnerability databases maintainers, very likely due to the lack of disclosure/publication. This usually means it's also not in compliance/patching systems and exposes customers to unecessary risk. To counteract I'd like to drop this note. Checkpoint SNX...
Symantec Altiris Deployment Solution Multiple Vulnerabilities
SUMMARY Symantecs Altiris Deployment Solution contains vulnerabilities that could potentially be leveraged for unauthorized file access or a denial of service on a client system, authentication bypass on the Server to local system-level access on a client system. AFFECTED PRODUCTS Product | Versi...
SonicWALL Global安全客户端本地特权提升漏洞
Bugraq ID: 35094 CNCAN ID:CNCAN-2009052704 SonicWALL Global Security Client是一款多个SonicWALL设备上的全局安全客户端软件。 SonicWALL Global Security Client存在设计错误,本地攻击者可以利用漏洞提升特权。 当从系统托盘Applet中访问GSC属性时不正确丢弃SYSTEM权限。通过右击系统托盘图标,选择"Log",右击"Event Viewer", "Open Log...
SonicWALL Global Security Client Privilege Escalation
SEC Consult Security Advisory ========================================================================== title: SonicWALL Global Security Client Local Privilege Escalation Vulnerability program: SonicWALL Global Security Client vulnerable version: 1.0.0.15 and possibly other versions homepage:...
SEC Consult SA-20090525-2 :: SonicWALL Global Security Client Local Privilege Escalation Vulnerability
SEC Consult Security Advisory 20090525-2 ========================================================================== title: SonicWALL Global Security Client Local Privilege Escalation Vulnerability program: SonicWALL Global Security Client vulnerable version: 1.0.0.15 and possibly other versions...
Novell ZENworks ESM Security Client STEngine Privilege Escalation
Novell ZENworks Endpoint Security Management ESM Security Client is installed on the remote host. It provides a centrally-managed, policy-based firewall for enterprise computers. The version of this software on the remote host dynamically generates various scripts which are then executed by the...
Buffer overflows in ircII-based clients
After seeing the BitchX "DoS" problem mentioned the n'th time already, I decided to finally audit ircII based clients to show some worse problems they have. I had been pretty sure for years that malicious servers can exploit them in multiple ways, and I think many others have known it as well. EP...
mmdump.pl
Meeting Maker is a networked calendaring/scheduling software package that's estimated to be installed on over 700,000 desktops e.g., see http://www.meetingmaker6.com/presslib/pressrel/mm061499mm6.htm. Meeting Maker is a registered trademark of ON Technology Corporation. Clients send passwords to ...