EUVD-2017-14488

Malware in sbrugna...

Google Chrome Proxy Unauthorized Access Vulnerability

Google Chrome is a web browser developed by Google, Inc. and Proxy is one of the proxy components. A security vulnerability exists in Proxy in Google Chrome versions prior to 71.0.3578.80, which stems from insufficient policy enforcement. The vulnerability can be exploited to gain unauthorized...

November 8, 2016 — KB3198586 (OS Build 10586.679)

November 8, 2016 — KB3198586 OS Build 10586.679 This update includes quality improvements and security updates. No new operating system features are being introduced in this update. Key changes include: Improved the reliability of the Windows shell, Microsoft Edge, and Internet Explorer 11...

Microsoft Windows: Service: WinHTTP Web Proxy Auto-Discovery Service

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winhttpwebproxyautodiscovery.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for WinHTTP Web Proxy Auto-Discovery Service WinHttpAutoProxySvc Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

Code injection

Proxy Auto-Config PAC files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed t...

CVE-2017-5384

CVE-2017-5384 : Information disclosure via Proxy Auto-Config (PAC) in Firefox

Windows: use-after-free in jscript!NameTbl::GetValDef(CVE-2017-11903)

There is a use-after-free vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors: - An attacker on the local network could exploit this issue by posing as a WPAD Web Proxy Auto-Discovery host and sending a malicious wpad.dat file to the victim. This works...

Microsoft Windows jscript!RegExpComp::Compile Heap Overflow Exploit

There is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors. Windows: Heap overflow in jscript!RegExpComp::Compile through IE or local network via WPAD CVE-2017-11890 There is a heap overflow in jscript.dll when compiling a...

Microsoft Windows - 'jscript!JsArraySlice' Uninitialized Variable

var x = new URIErrornew Array, undefined, undefined; String.prototype.localeCompare.callx, new Date0, 0, 0, 0, 0, 0, undefined; Array.prototype.slice.call1; !-- ============================================ Technical details: The issue is in jscript!JsArraySlice Array.prototype.slice.call in the P...

Microsoft Windows - jscript!RegExpComp::Compile Heap Overflow Through IE or Local Network via WPAD

Microsoft Windows - jscript!RegExpComp::Compile Heap Overflow Through IE or Local Network via WPAD var s = 'a'; forvar i=0;i...

Microsoft Windows jscript!RegExpComp::Compile Heap Overflow

Windows: Heap overflow in jscript!RegExpComp::Compile through IE or local network via WPAD CVE-2017-11890 There is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors: - An attacker on the local network could exploit this issue...

USN-3175-2: Firefox regression

USN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple memory safety issues were discovered in...

The vulnerability of the Windows operating system, which allows a hacker to redirect network traffic

The vulnerability of the Web Proxy Auto Discovery protocol in the Windows operating system is related to incorrect data processing. Exploiting this vulnerability allows a malicious actor to redirect network traffic remotely...

CVE-2016-3236

The Web Proxy Auto Discovery WPAD protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to...

CVE-2016-3213

The Web Proxy Auto Discovery WPAD protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanis...

Privilege escalation

The Web Proxy Auto Discovery WPAD protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to...

PT-2016-2168

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Description The issue is related to the Web Proxy Auto Discovery WPAD protocol implementation, which mishandles proxy discovery. This allows remote attackers to redirect network traffic via...

Microsoft DNS Server WPAD Registration Spoofing (MS09-008; CVE-2009-0093)

WPAD feature enables web clients to automatically detect proxy settings without user intervention. A Web Proxy Auto-Discovery WPAD registration spoofing vulnerability has been reported in Microsoft DNS servers. The vulnerability is due to an error in the Windows DNS server that fails to correctly...

Microsoft Web Proxy Auto-Discovery代理欺骗漏洞

BUGTRAQ ID: 26686 CVE ID:CVE-2007-5355 CNCVE ID:CNCVE-20075355 Microsoft Web Proxy是一款支持WEB代理服务程序。 Microsoft Web Proxy Auto-Discovery存在设计问题，远程攻击者可以利用漏洞获得敏感信息对系统进行进一步攻击。 此漏洞影响Web Proxy Auto-Discovery WPAD，目前Microsoft没有接收到任何在公告场合利用此漏洞攻击客户的信息，根据调查，拥有第三级或更深级域名的“contoso.co.us”客户将受此漏洞影响。目前没有详细漏洞细节提供。...

CVE-2007-5355

The CVE describes a design/logic issue in Microsoft WPAD for Internet Explorer 6/7 where, if a primary DNS suffix has three or more components, unqualified wpad queries can resolve to a host in a deeper second-level domain outside the configured DNS zone, enabling potential MITM by remote WPAD se...