Lucene search
K

541 matches found

Cvelist
Cvelist
added 2017/12/03 9:0 p.m.21 views

CVE-2017-17099

There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under th...

7.8AI score0.11831EPSS
Exploits2References2
EUVD
EUVD
added 2017/12/03 9:0 p.m.4 views

EUVD-2017-8265

There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under th...

7.8CVSS7.9AI score0.11831EPSS
Exploits2References2
BDU FSTEC
BDU FSTEC
added 2017/11/10 12:0 a.m.5 views

The vulnerability of the Microsoft JET Database Engine database driver on the Windows operating system allows a hacker to gain control over the system.

The vulnerability of the Microsoft JET Database Engine database driver for the Windows operating system is related to improper handling of objects in memory. Exploiting this vulnerability can allow a malicious actor to gain control over the system remotely...

9.3CVSS7.4AI score0.23961EPSS
Exploits0References4
Microsoft KB
Microsoft KB
added 2017/09/21 12:0 a.m.82 views

MS16-014: Description of the security update for Windows: February 9, 2016

MS16-014: Description of the security update for Windows: February 9, 2016 Summary This security update resolves vulnerabilities in Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted...

6.2CVSS7.2AI score0.13392EPSS
Exploits4
Nmap
Nmap
added 2017/09/05 6:19 p.m.421 views

smb-enum-services NSE Script

Retrieves the list of services running on a remote Windows system. Each service attribute contains service name, display name and service status of each service. Note: Modern Windows systems requires a privileged domain account in order to list the services. References: Script Arguments randomsee...

10CVSS9.2AI score0.99448EPSS
Exploits33
Packet Storm
Packet Storm
added 2017/08/18 12:0 a.m.50 views

QNAPQsyncClientWindows 4.2.1.0602 Privilege Escalation

Hi @ll, the executable installer QNAPQsyncClientWindows-4.2.1.0602.exe, available from , has like almost all executable installers multiple vulnerabilities: 1: arbitrary remote code execution WITH escalation of privilege On a fully patched Windows 7 SP1 it loads and executes the following Windows...

1AI score
Exploits0
Mageia
Mageia
added 2017/08/16 12:1 a.m.17 views

Updated mingw-nsis packages fix security vulnerability

The Nullsoft Scriptable Install System version 2.50 contains a DLL hijacking attack which allows administrative root level access on the target Windows system...

4.1AI score
Exploits0References2
CNVD
CNVD
added 2017/07/13 12:0 a.m.3 views

Microsoft Windows System Information Console Information Disclosure Vulnerability

Microsoft windows is a popular operating system. Microsoft System Information Console does not properly parse XML inputs that contain references to external entities, allowing an attacker to exploit the vulnerability by submitting a special XML request, obtaining sensitive information, and...

5.5CVSS6.9AI score0.01541EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2017/07/12 12:0 a.m.53 views

Microsoft Windows Multiple Vulnerabilities (KB4025336)

This host is missing a critical security update according to Microsoft KB4025336 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS6.6AI score0.58078EPSS
Exploits10References29
Microsoft CVE
Microsoft CVE
added 2017/07/11 7:0 a.m.38 views

Windows System Information Console Information Disclosure Vulnerability

An information disclosure vulnerability exists in the Microsoft Common Console Document .msc when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity XXE...

5.5CVSS4.5AI score0.01541EPSS
Exploits0
myhack58
myhack58
added 2017/06/17 12:0 a.m.27 views

Windows System there is a“cannot fix”security vulnerabilities-vulnerability warning-the black bar safety net

Recently, Microsoft for Windows Defender introduced a few patches to address the possible exposure to the Windows users of the vulnerability, but the fact that Microsoft needs to do better, because anti-virus software will still encounter some of the remote code execution vulnerability. One...

Exploits0
myhack58
myhack58
added 2017/06/09 12:0 a.m.41 views

IBM finally about 9 months before the discovery of the serious vulnerabilities published mitigation scenarios! But white hat heart wronged-vulnerability warning-the black bar safety net

! Recently, IBM finally for its software product in 9 months ago was discovered a serious vulnerability released a fix it solution, the vulnerability exists in the IBM enterprise backup software, using the vulnerability, an attacker from the local network of the IBM spectrum series data storage a...

7.3AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2017/04/06 12:0 a.m.8 views

The vulnerability of the Windows operating system allows a perpetrator to obtain information that can be used to compromise the target system.

The vulnerability of the Windows DVD Maker application on the Windows operating system is related to improper correction of processed files. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain information that can be used to compromise the target system using a...

4.3CVSS6.2AI score0.06581EPSS
Exploits5References4
CNVD
CNVD
added 2017/03/17 12:0 a.m.2 views

Microsoft Windows Uniscribe Information Disclosure Vulnerability (CNVD-2017-03348)

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Uniscribe also known as Unicode Script Processor is one of the components that enables the Windows operating system to correctly present Unicode text. An information disclosure vulnerability exists in...

4.3CVSS6.3AI score0.22471EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2017/03/14 12:0 a.m.3 views

PT-2017-1598 · Microsoft · Windows +1

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to the Windows Graphics Device Interface GDI and involves a lack of protection for internal data. This can be exploited by an attacker with local access to obtain...

5.5CVSS6.3AI score0.15939EPSS
Exploits1References9
myhack58
myhack58
added 2017/03/06 12:0 a.m.63 views

SMB denial of service vulnerability in the web application on the use-vulnerability warning-the black bar safety net

CVE-2017-0016 SMB 0 day vulnerability can lead to Windows System denial of service, the present article is mainly to explain the vulnerability in a web application use. 2017 2 2 June, security researchers announced a exists in Microsoft Windows SMB in the 0 day Vulnerability, CVE-2017-0016, the...

0.1AI score0.2373EPSS
Exploits1
CERT
CERT
added 2017/01/27 12:0 a.m.83 views

Cisco WebEx web browser extension allows arbitrary code execution

Overview The Cisco WebEx extensions for Chrome, Firefox, and Internet Explorer allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable Windows system. Description Cisco WebEx is a suite of online meeting software. WebEx meetings are usually joined through a web browser...

9.3CVSS8.7AI score0.27231EPSS
Exploits6References6
0day.today
0day.today
added 2016/12/06 12:0 a.m.48 views

Microsoft PowerShell - XML External Entity Injection Vulnerability

Exploit for windows platform in category local exploits + Credits: John Page aka hyp3rlinx Vendor: ================= www.microsoft.com Product: =========== PowerShell PowerShell including Windows PowerShell and PowerShell Core is a task automation and configuration management framework from...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2016/12/05 12:0 a.m.93 views

Windows System Information 6.1.7601 XXE Injection

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-MSINFO32-XXE-FILE-EXFILTRATION.txt + ISR: ApparitionSec Vendor: ================= www.microsoft.com Product: ========================== Windows System Information...

7.4AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/08/23 12:0 a.m.6 views

Vulnerability of the Windows operating system, allowing a perpetrator to compromise accounts

The vulnerability of the ActiveSyncProvider library in the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to gain access to accounts by exploiting a flaw in Universal Outlook to establish a secure connection...

5CVSS7.7AI score0.09654EPSS
Exploits0References3
Rows per page
Query Builder