244 matches found
CVE-2017-17793
Information Disclosure vulnerability in creerfichierzip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv1.zip name aka an 8.3 filename...
Fileless UAC Bypass Uses Windows Backup and Restore Utility
One nugget buried in a recent Vault 7 dump was a bypass of User Account Controls in Windows 7 that allows applications to execute code without triggering the familiar prompt to the user that something may be afoot. Microsoft has not, in the past, considered UAC bypasses a security boundary that...
Windows Backup Manager Remote Code Execution Vulnerability (2478935)
This host is missing a critical security update according to Microsoft Bulletin MS11-001. OpenVAS Vulnerability Test $Id: secpodms11-001.nasl 5362 2017-02-20 12:46:39Z cfi $ Windows Backup Manager Remote Code Execution Vulnerability 2478935 Authors: Sooraj KS Copyright: Copyright c 2011 SecPod,...
MS11-001: Vulnerability in Windows Backup Manager Could Allow Remote Code Execution (2478935)
The remote Windows host contains a version of the Windows Backup Manager that incorrectly restricts the path used for loading external libraries. If an attacker can trick a user into opening a specially crafted Windows Backup manager file that is located in the same network directory as a special...