Lucene search
+L

121 matches found

OpenVAS
OpenVAS
added 2016/08/05 12:0 a.m.62 views

Web Proxy Auto-Discovery Protocol Information Disclosure Vulnerability (badWPAD) - Active Check

The Web Proxy Auto-Discovery Protocol WPAD is a method used by clients to locate the URL of a configuration file using DHCP and/or DNS discovery methods. Once detection and download of the configuration file is complete, it can be executed to determine the proxy for a specified URL. There are kno...

7.5AI score
Exploits0References2
CERT
CERT
added 2016/08/04 12:0 a.m.88 views

Proxy auto-config (PAC) files have access to full HTTPS URLs

Overview Web proxy auto-config PAC files are passed the full HTTPS URL in GET requests which may expose sensitive data. Description CWE-212: Improper Cross-boundary Removal of Sensitive Data - CVE-2016-5134 Google, CVE-2016-1801 AppleWeb proxy auto-configuration files proxy.pac have access to the...

7.5CVSS7.9AI score0.03716EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2016/08/01 9:0 a.m.21 views

New HTTPS URL Leakage Attack Leaves PCs, Macs, Linux Systems Vulnerable

LAS VEGAS — Researchers have found flaws in the Web Proxy AutoDiscovery protocol tied to DHCP and DNS servers that allow hackers spy on HTTPS-protected URLs and launch a myriad of different malicious attacks against Linux, Windows or Mac computers. According to the security firm SafeBreach, this...

0.4AI score
Exploits0References3
myhack58
myhack58
added 2016/06/19 12:0 a.m.20 views

BadTunnel: Cross-Segment hijacking the broadcast Protocol-vulnerability warning-the black bar safety net

! 0x00 introduction This paper proposes a new attack model, can cross network segment hijacking the TCP/IP broadcast Protocol, we named it“BadTunnel” in. Using this method, you can achieve cross-subnet NetBIOS Name Service Spoofing attacks. Both the attacker and the user are in the same network...

7.3AI score
Exploits0
NVD
NVD
added 2016/06/16 1:59 a.m.17 views

CVE-2016-3236

The Web Proxy Auto Discovery WPAD protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to...

10CVSS9.4AI score0.77658EPSS
Exploits2References2
NVD
NVD
added 2016/06/16 1:59 a.m.19 views

CVE-2016-3213

The Web Proxy Auto Discovery WPAD protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanis...

9.3CVSS8.8AI score0.70288EPSS
Exploits2References4
Prion
Prion
added 2016/06/16 1:59 a.m.21 views

Privilege escalation

The Web Proxy Auto Discovery WPAD protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanis...

9.3CVSS7.3AI score0.70288EPSS
Exploits2References4Affected Software4
CVE
CVE
added 2016/06/16 1:0 a.m.124 views

CVE-2016-3236

CVE-2016-3236 affects the WPAD proxy discovery implementation in multiple Windows editions (Vista through Windows 10). The weakness arises when WPAD proxy discovery is mishandled, which could allow a remote attacker to redirect network traffic via unspecified vectors, effectively an elevation of ...

10CVSS9.1AI score0.77658EPSS
Exploits2References2Affected Software7
Cvelist
Cvelist
added 2016/06/16 1:0 a.m.37 views

CVE-2016-3236

The Web Proxy Auto Discovery WPAD protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to...

9.3AI score0.77658EPSS
Exploits2References2
Cvelist
Cvelist
added 2016/06/16 1:0 a.m.34 views

CVE-2016-3213

The Web Proxy Auto Discovery WPAD protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanis...

8.7AI score0.70288EPSS
Exploits2References4
CVE
CVE
added 2016/06/16 1:0 a.m.93 views

CVE-2016-3213

CVE-2016-3213 covers WPAD Elevation of Privilege in Windows where WPAD proxy discovery falls back to a NetBIOS name response, enabling privilege escalation via spoofed NetBIOS WPAD responses. Exploitation hinges on NetBIOS name queries for WPAD; attacker can respond to NetBIOS requests to influen...

9.3CVSS8.6AI score0.70288EPSS
Exploits2References4Affected Software8
CNVD
CNVD
added 2016/06/16 12:0 a.m.6 views

Elevation of Privilege Vulnerability Found in Microsoft Windows WPAD Agent

Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows that stems from a program's inability to properly handle certain proxy discovery scenarios using the Web Proxy Autodiscovery WPAD...

10CVSS7.1AI score0.77658EPSS
Exploits2References1
ThreatPost
ThreatPost
added 2016/06/15 3:23 p.m.57 views

Patched BadTunnel Windows Bug Has 'Extensive' Impact

Among the more than three dozen vulnerabilities Microsoft patched on Tuesday was a fix for a bug that the researcher who found it said has “probably the widest impact in the history of Windows.” “There were also some wide impact vulnerabilities before, but maybe not like this extensive,” Chinese...

9.3CVSS0.2AI score0.99945EPSS
Exploits35References2
OpenVAS
OpenVAS
added 2016/06/15 12:0 a.m.138 views

Microsoft Web Proxy Auto Discovery (WPAD) Privilege Elevation Vulnerabilities (3165191)

This host is missing an important security update according to Microsoft Bulletin MS16-077. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

10CVSS6.5AI score0.77658EPSS
Exploits2References5
Microsoft CVE
Microsoft CVE
added 2016/06/14 7:0 a.m.65 views

WPAD Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Microsoft Windows when the Web Proxy Auto Discovery WPAD protocol falls back to a vulnerable proxy discovery process. An attacker who successfully exploited this vulnerability could bypass security and gain elevated privileges on a targeted system...

9.3CVSS8.9AI score0.70288EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2016/06/14 7:0 a.m.44 views

Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft Windows improperly handles certain proxy discovery scenarios using the Web Proxy Auto Discovery WPAD protocol method. An attacker who successfully exploited the vulnerability could potentially access and control network traffic for whi...

10CVSS4.2AI score0.77658EPSS
Exploits2
Microsoft KB
Microsoft KB
added 2016/06/14 7:0 a.m.73 views

MS16-077: Description of the security update for WPAD: June 14, 2016

None None...

10CVSS6.7AI score0.77658EPSS
Exploits2
Symantec
Symantec
added 2016/06/14 12:0 a.m.57 views

Microsoft Windows CVE-2016-3236 WPAD Remote Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based...

10CVSS9.5AI score0.77658EPSS
Exploits2Affected Software3
Check Point Advisories
Check Point Advisories
added 2016/06/14 12:0 a.m.40 views

Microsoft Windows WPAD Proxy Discovery Elevation of Privilege (MS16-077; CVE-2016-3236)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to improper handling of certain proxy discovery scenarios using the Web Proxy Autodiscovery WPAD protocol method. A remote attacker can exploit this issue by sending specially crafted NBNS responses...

10CVSS8.7AI score0.77658EPSS
Exploits2
Microsoft KB
Microsoft KB
added 2016/06/14 12:0 a.m.105 views

MS16-077: Security update for WPAD: June 14, 2016

Resolves vulnerabilities in Windows that could allow elevation of privilege if the Web Proxy Auto Discovery WPAD protocol falls back to a vulnerable proxy discovery process on a target system.SummaryThis security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allo...

10CVSS0.3AI score0.77658EPSS
Exploits2
Rows per page
Query Builder