85 matches found
MS15-096: Vulnerability in Active Directory Service Could Allow Denial of Service (3072595)
The remote Windows host is affected by a denial of service vulnerability in Active Directory that is triggered during the handling of a saturation of account creations. An authenticated, remote attacker, with privileges to join machines to a domain, can exploit this vulnerability by creating...
MS15-088: Unsafe Command Line Parameter Passing Could Allow Information Disclosure (3082458)
The remote Windows host is affected by an information disclosure vulnerability when files at a medium integrity level become accessible to Internet Explorer running in Enhanced Protection Mode EPM. An attacker can exploit this vulnerability by leveraging another vulnerability to execute code in I...
CVE-2015-2387
ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted...
Security update for xen (important)
Xen was updated to 4.4.2 to fix multiple vulnerabilities and non-security bugs. The following vulnerabilities were fixed: CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu XSA-128 boo931625 CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests XSA-129...
MS15-045: Vulnerability in Windows Journal Could Allow Remote Code Execution (3046002)
The version of Windows running on the remote host is affected by a remote code execution vulnerability due to a flaw in Windows Journal. A remote attacker can exploit this vulnerability by convincing a user to open a specially crafted Journal file .jnt, resulting in execution of arbitrary code in...
MS15-052: Vulnerability in Windows Kernel Could Allow Security Feature Bypass (3050514)
The remote Windows host is affected by a security feature bypass vulnerability due to a failure to properly validate memory addresses by the Windows kernel. A remote attacker can exploit this flaw, via a specially crafted application, to bypass the Kernel Address Space Layout Randomization KASLR,...
[security bulletin] HPSBGN03307 rev.1 - HP Intelligent Provisioning, Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04626732 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04626732 Version: 1 HPSBGN03307 rev....
HP Intelligent Provisioning Information Disclosure Vulnerability
HP Intelligent Provisioning is the server configuration tool. An information disclosure vulnerability exists in HP Intelligent Provisioning versions 1.40-1.60 on Windows 2008 R2 and Windows 2012 platforms. The vulnerability could be exploited by an attacker to obtain sensitive information...
Intel Network Adapter Diagnostic Driver - IOCTL Handling
Intel Network Adapter Diagnostic Driver - IOCTL Handling / Intel Network Adapter Diagnostic Driver IOCTL Handling Vulnerability Vendor: Intel Product webpage: http://www.intel.com Affected products: Network Adapter Driver for Windows XP Network Adapter Driver for Windows 7 Network Adapter Driver...
Windows 2012/2012R2 leaks memory when a hardware snapshot is created multiple times on a CSV
Challenge Windows 2012 / 2012 R2 Hyper-V hosts leak memory when a hardware snapshot is created/removed multiple times on a CSV with a hardware provider. Cause Windows 2012 / 2012 R2 Hyper-V hosts leak memory when a snapshot is created on a CSV using hardware provider. Due to the fact that only a...
MS14-064 Microsoft Windows OLE Package Manager Code Execution
This module exploits a vulnerability found in Windows Object Linking and Embedding OLE allowing arbitrary code execution, publicly exploited in the wild as MS14-060 patch bypass. The Microsoft update tried to fix the vulnerability publicly known as "Sandworm". Platforms such as Windows Vista SP2...
MS14-071: Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (3005607)
The remote Windows host is affected by a vulnerability in the Windows Audio service component that allows privilege escalation. A remote attacker could exploit this vulnerability to elevate privileges but not execute code. C Tenable Network Security, Inc. include"compat.inc"; if description...
HP Data Protector Manager 8.10 - Remote Command Execution
Exploit for windows platform in category remote exploits !/usr/bin/python Exploit Title: HP-Data-Protector-8.10 Remote command execution. Date: July 11 2014 Exploit Author: Christian Polunchis Ramirez https://intrusionlabs.org Exploit Author: Henoch Chanoc Barrera https://intrusionlabs.org...
HP Data Protection Manager 8.10 Remote Command Execution
!/usr/bin/python Exploit Title: HP-Data-Protector-8.10 Remote command execution. Date: July 11 2014 Exploit Author: Christian Polunchis Ramirez https://intrusionlabs.org Exploit Author: Henoch Chanoc Barrera https://intrusionlabs.org Contacts: [email protected] and...
HP Data Protector Manager 8.10 - Remote Command Execution
HP Data Protector Manager 8.10 - Remote Command Execution !/usr/bin/python Exploit Title: HP-Data-Protector-8.10 Remote command execution. Date: July 11 2014 Exploit Author: Christian Polunchis Ramirez https://intrusionlabs.org Exploit Author: Henoch Chanoc Barrera https://intrusionlabs.org...
MS14-041: Vulnerability in Microsoft DirectShow Could Allow Elevation of Privilege (2975681)
The remote Windows host is affected by a vulnerability in Microsoft DirectShow that could allow privilege escalation. Note that this issue can only be exploited if an attacker first successfully exploits another vulnerability in a low integrity process. C Tenable Network Security, Inc...
MS14-005: Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036)
The remote host contains a version of Microsoft XML Core Services that is affected by an information disclosure vulnerability that could allow an attacker to read files on the local file system of a user, or read content of web domains where a user is currently authenticated. C Tenable Network...
MS14-007: Vulnerability in Direct2D Could Allow Remote Code Execution (2912390)
The remote Windows host is affected by a remote code execution vulnerability due to the way Windows components handle 2D geometric figures. An attacker could exploit this vulnerability to take complete control over a target system by tricking a user into viewing a specially crafted figure in...
MS13-062: Vulnerability in Remote Procedure Call Could Allow Elevation of Privilege (2849470)
The remote host contains a flaw in the way that Windows handles asynchronous RPC requests, which can lead to elevation of privileges. An attacker could exploit this issue to run arbitrary code and take complete control of an affected system. C Tenable Network Security, Inc. include"compat.inc"; i...
MS13-057: Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883)
The remote Windows host is potentially affected by a vulnerability that could allow remote code execution if a user opens a malicious media file. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the local user. C Tenable Network Security, Inc...