364 matches found
Microsoft Windows Task Scheduler 安全漏洞
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows Task Scheduler. An attacker can exploit the vulnerability to elevate privileges...
CVE-2023-21541 Windows Task Scheduler Elevation of Privilege Vulnerability
...
PT-2023-1138 · Microsoft · Windows Task Scheduler +1
Name of the Vulnerable Software and Affected Versions: Windows Task Scheduler affected versions not specified Description: The issue is related to insufficient access control in the Windows Task Scheduler, which can be exploited to elevate privileges. This allows an attacker to affect the system...
CVE-2023-21541
Technical details about CVE-2023-21541 are not provided in the connected documents. Based on available data, no specifics on affected components, root cause, or fixes are included here. Monitor for updates from authoritative sources.
KLA20158 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, bypass security restrictions, obtain sensitive information. Below is a complete list of...
COM-Hunter - COM Hijacking VOODOO
COM Hijacking VOODOO COM-hunter is a COM Hijacking persistnce tool written in C. This tool was inspired during the RTO course of @zeropointsecltd Features Finds out entry valid CLSIDs in the victim's machine. Finds out valid CLSIDs via Task Scheduler in the victim's machine. Finds out if someone...
Exploit for Improper Authentication in Atlassian Jira_Data_Center
Atlassian Jira Seraph Authentication Bypass RCE(CVE-2022-0540)...
Tarrask malware uses scheduled tasks for defense evasion
As Microsoft continues to track the high-priority state-sponsored threat actor HAFNIUM, new activity has been uncovered that leverages unpatched zero-day vulnerabilities as initial vectors. The Microsoft Detection and Response Team DART in collaboration with the Microsoft Threat Intelligence Cent...
Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique
This blog post was authored by Ankur Saini, with contributions from Hossein Jazi and Jérôme Segura 2022-04-07: Added MITRE ATT&CK mappings 2022-04-07: Changed the name of the final payload from Vidar to Mars Stealer Colibri Loader is a relatively new piece of malware that first appeared on...
Microsoft Task Scheduler Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations...
KDE KCron 权限许可和访问控制问题漏洞
KDE KCron is a task scheduler. KDE Kcron is vulnerable to privilege permission and access control issues, which could be exploited by an attacker to run unauthorized commands...
VulnCheck KEV: CVE-2010-3338
The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability."...
CVE-2021-32810
crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never...
CVE-2021-31769
MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators but actually does not require authorizatio...
CVE-2021-31769
MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators but actually does not require authorizatio...
Design/Logic Flaw
MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators but actually does not require authorizatio...
CVE-2021-31769
CVE-2021-31769 affects MyQ X Smart prior to 8.2. The vulnerability allows remote code execution because administrative session data can be read from %PROGRAMFILES%\MyQ\PHP\Sessions, and the non‑administration‑restricted “Select server file” feature enables attackers to inject arbitrary OS command...
CVE-2021-31769
MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators but actually does not require authorizatio...
MyQ X 操作系统命令注入漏洞
MyQ X is an application of myq-solution. It neatly organizes past and active projects in one place and centralizes their management in one interface. A security vulnerability exists in MyQ X Smart versions prior to 8.2, which can be exploited by an attacker to inject arbitrary OS commands via the...
Logic flaw vulnerability in hera task scheduling system
hera task scheduler is a distributed task scheduler based on zeus rewrite. The hera Task Scheduler suffers from a logic flaw that can be exploited by an attacker to forge arbitrary login credentials via a built-in hard-coded key...