Lucene search
K

124 matches found

NVD
NVD
added 2018/10/12 2:29 p.m.20 views

CVE-2018-17892

NUUO CMS all versions 3.1 and prior, The application implements a method of user account control that causes standard account security features to not be utilized as intended, which could allow user account compromise and may allow for remote code execution...

8.8CVSS9.4AI score0.02783EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/10/12 2:0 p.m.14 views

CVE-2018-17892

NUUO CMS all versions 3.1 and prior, The application implements a method of user account control that causes standard account security features to not be utilized as intended, which could allow user account compromise and may allow for remote code execution...

9AI score0.02783EPSS
Exploits0References2
CVE
CVE
added 2018/10/12 2:0 p.m.41 views

CVE-2018-17892

NUUO CMS (versions 3.1 and prior) contains a vulnerability described as Incorrect Permission Assignment for Critical Resource (CWE-732) that could allow a user account compromise and potentially remote code execution. This CVE is associated with CVE-2018-17892. The issue is documented across mult...

8.8CVSS9.3AI score0.02783EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2018/07/03 12:0 a.m.1 views

Microsoft Windows UAC Protection Bypass Vulnerability

Microsoft Windows is a set of operating systems developed by Microsoft Corporation in the United States. Microsoft Windows suffers from a UAC protection bypass vulnerability. As the program fails to check input identity data. An attacker could exploit the vulnerability to gain administrator acces...

6.9AI score
Exploits0References1
OpenVAS
OpenVAS
added 2018/06/12 12:0 a.m.136 views

Microsoft Windows: User Account Control: Run all administrators in Admin Approval Mode

This policy setting determines the behavior of all User Account Control UAC policies for the entire system. This is the setting that turns UAC on or off. C Microsoft Corporation 2017. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, an...

7.3AI score
Exploits0References5
OpenVAS
OpenVAS
added 2018/06/12 12:0 a.m.126 views

Microsoft Windows: User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop

This security setting controls whether User Interface Accessibility UIAccess or UIA programs can automatically disable the secure desktop for elevation prompts that are used by a standard user. Note: This setting does not change the behavior of the UAC elevation prompt for administrators. C...

7.4AI score
Exploits0References2
OpenVAS
OpenVAS
added 2018/06/12 12:0 a.m.17 views

Microsoft Windows: User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode

This policy setting determines the behavior of the elevation prompt for accounts that have administrative credentials. C Microsoft Corporation 2017. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

7.3AI score
Exploits0References5
OpenVAS
OpenVAS
added 2018/06/12 12:0 a.m.60 views

Microsoft Windows: User Account Control: Only elevate UIAccess applications that are installed in secure locations

This policy setting enforces the requirement that apps that request running with a UIAccess integrity level by means of a marking of UIAccess=true in their app manifest, must reside in a secure location on the file system. Relatively secure locations are limited to the following directories: -...

7.2AI score
Exploits0References5
OpenVAS
OpenVAS
added 2018/06/12 12:0 a.m.38 views

Microsoft Windows: User Account Control: Admin Approval Mode for the Built-in Administrator account

This policy setting determines the behavior of Admin Approval Mode for the built-in administrator account. When the Admin Approval Mode is enabled, the local administrator account functions like a standard user account, but it has the ability to elevate privileges without logging on by using a...

7.3AI score
Exploits0References5
OpenVAS
OpenVAS
added 2018/06/12 12:0 a.m.19 views

Microsoft Windows: User Account Control: Virtualize file and registry write failures to per-user locations

This policy setting enables or disables the redirection of the write failures of earlier applications to defined locations in the registry and the file system. This feature mitigates applications that historically ran as administrator and wrote runtime application data to %ProgramFiles%, %Windir%...

7.3AI score
Exploits0References5
OpenVAS
OpenVAS
added 2018/06/12 12:0 a.m.20 views

Microsoft Windows: User Account Control: Behavior of the elevation prompt for standard users

This policy setting determines the behavior of the elevation prompt for standard users. C Microsoft Corporation 2017. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7.3AI score
Exploits0References5
OpenVAS
OpenVAS
added 2018/06/12 12:0 a.m.18 views

Microsoft Windows: User Account Control: Switch to the secure desktop when prompting for elevation

This policy setting determines whether the elevation request prompts on the interactive user desktop or on the secure desktop. The secure desktop presents the logon UI and restricts functionality and access to the system until the logon requirements are satisfied. The secure desktop...

7.3AI score
Exploits0References5
ThreatPost
ThreatPost
added 2018/03/26 5:9 p.m.11 views

Sanny Malware Updates Delivery Method

The group behind Sanny malware attacks has made significant changes to the way it delivers their payload. According to new research by FireEye, the attackers have upgraded their delivery techniques when it comes to planting malware on systems via document attachments sent as part of spam and...

7.6AI score
Exploits0References1
FireEye
FireEye
added 2018/03/23 3:0 p.m.15 views

SANNY Malware Delivery Method Updated in Recently Observed Attacks

Introduction In the third week of March 2018, through FireEye’s Dynamic Threat Intelligence, FireEye discovered malicious macro-based Microsoft Word documents distributing SANNY malware to multiple governments worldwide. Each malicious document lure was crafted in regard to relevant regional...

7.7AI score
Exploits0References1
FireEye
FireEye
added 2018/03/23 11:0 a.m.520 views

SANNY Malware Delivery Method Updated in Recently Observed Attacks

Introduction In the third week of March 2018, through FireEye’s Dynamic Threat Intelligence, FireEye discovered malicious macro-based Microsoft Word documents distributing SANNY malware to multiple governments worldwide. Each malicious document lure was crafted in regard to relevant regional...

7.9AI score
Exploits0
n0where
n0where
added 2018/03/18 9:45 p.m.52 views

Disable Risky Windows Features: Hardentools

Hardentools is a collection of simple utilities designed to disable a number of “features” exposed by operating systems Microsoft Windows, for now, and primary consumer applications. These features, commonly thought for Enterprise customers, are generally useless to regular users and rather pose ...

0.5AI score
Exploits0References1
Schneier on Security
Schneier on Security
added 2018/02/02 12:38 p.m.20 views

Signed Malware

Stuxnet famously used legitimate digital certificates to sign its malware. A research paper from last year found that the practice is much more common than previously thought. Now, researchers have presented proof that digitally signed malware is much more common than previously believed. What's...

7.1AI score
Exploits0
Microsoft KB
Microsoft KB
added 2017/12/12 8:0 a.m.151 views

Description of the security update for Microsoft Exchange: December 12, 2017

Description of the security update for Microsoft Exchange: December 12, 2017 Summary This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access OWA. The vulnerability could allow elevation of privilege or spoofing in Microsoft Exchange Server if an attacker sends an...

8.1CVSS5.7AI score0.06559EPSS
Exploits0
OpenVAS
OpenVAS
added 2017/12/06 12:0 a.m.14 views

Read the config of the User Account Control feature over SMB

Read the config of the User Account Control feature over SMB from Registry SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.3AI score
Exploits0
Hacker One
Hacker One
added 2017/09/05 7:3 a.m.114 views

Snapchat: Stealing SSO Login Tokens (snappublisher.snapchat.com)

Description Attacker can steal SSO login tokens for snappublisher.snapchat.com by chaining different flaws in SSO and Snapchat’s Snappublisher tool. Detailed attack flow is as follows. Attack Flow 1.. Snapchat fetches a SSO LOGIN TOKEN from accounts.snapchat.com to login into different products o...

7.2AI score
Exploits0
Rows per page
Query Builder