541 matches found
CVE-2017-17099
There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under th...
EUVD-2017-8265
There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under th...
The vulnerability of the Microsoft JET Database Engine database driver on the Windows operating system allows a hacker to gain control over the system.
The vulnerability of the Microsoft JET Database Engine database driver for the Windows operating system is related to improper handling of objects in memory. Exploiting this vulnerability can allow a malicious actor to gain control over the system remotely...
MS16-014: Description of the security update for Windows: February 9, 2016
MS16-014: Description of the security update for Windows: February 9, 2016 Summary This security update resolves vulnerabilities in Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted...
smb-enum-services NSE Script
Retrieves the list of services running on a remote Windows system. Each service attribute contains service name, display name and service status of each service. Note: Modern Windows systems requires a privileged domain account in order to list the services. References: Script Arguments randomsee...
QNAPQsyncClientWindows 4.2.1.0602 Privilege Escalation
Hi @ll, the executable installer QNAPQsyncClientWindows-4.2.1.0602.exe, available from , has like almost all executable installers multiple vulnerabilities: 1: arbitrary remote code execution WITH escalation of privilege On a fully patched Windows 7 SP1 it loads and executes the following Windows...
Updated mingw-nsis packages fix security vulnerability
The Nullsoft Scriptable Install System version 2.50 contains a DLL hijacking attack which allows administrative root level access on the target Windows system...
Microsoft Windows System Information Console Information Disclosure Vulnerability
Microsoft windows is a popular operating system. Microsoft System Information Console does not properly parse XML inputs that contain references to external entities, allowing an attacker to exploit the vulnerability by submitting a special XML request, obtaining sensitive information, and...
Microsoft Windows Multiple Vulnerabilities (KB4025336)
This host is missing a critical security update according to Microsoft KB4025336 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Windows System Information Console Information Disclosure Vulnerability
An information disclosure vulnerability exists in the Microsoft Common Console Document .msc when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity XXE...
Windows System there is a“cannot fix”security vulnerabilities-vulnerability warning-the black bar safety net
Recently, Microsoft for Windows Defender introduced a few patches to address the possible exposure to the Windows users of the vulnerability, but the fact that Microsoft needs to do better, because anti-virus software will still encounter some of the remote code execution vulnerability. One...
IBM finally about 9 months before the discovery of the serious vulnerabilities published mitigation scenarios! But white hat heart wronged-vulnerability warning-the black bar safety net
! Recently, IBM finally for its software product in 9 months ago was discovered a serious vulnerability released a fix it solution, the vulnerability exists in the IBM enterprise backup software, using the vulnerability, an attacker from the local network of the IBM spectrum series data storage a...
The vulnerability of the Windows operating system allows a perpetrator to obtain information that can be used to compromise the target system.
The vulnerability of the Windows DVD Maker application on the Windows operating system is related to improper correction of processed files. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain information that can be used to compromise the target system using a...
Microsoft Windows Uniscribe Information Disclosure Vulnerability (CNVD-2017-03348)
Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Uniscribe also known as Unicode Script Processor is one of the components that enables the Windows operating system to correctly present Unicode text. An information disclosure vulnerability exists in...
PT-2017-1598 · Microsoft · Windows +1
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to the Windows Graphics Device Interface GDI and involves a lack of protection for internal data. This can be exploited by an attacker with local access to obtain...
SMB denial of service vulnerability in the web application on the use-vulnerability warning-the black bar safety net
CVE-2017-0016 SMB 0 day vulnerability can lead to Windows System denial of service, the present article is mainly to explain the vulnerability in a web application use. 2017 2 2 June, security researchers announced a exists in Microsoft Windows SMB in the 0 day Vulnerability, CVE-2017-0016, the...
Cisco WebEx web browser extension allows arbitrary code execution
Overview The Cisco WebEx extensions for Chrome, Firefox, and Internet Explorer allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable Windows system. Description Cisco WebEx is a suite of online meeting software. WebEx meetings are usually joined through a web browser...
Microsoft PowerShell - XML External Entity Injection Vulnerability
Exploit for windows platform in category local exploits + Credits: John Page aka hyp3rlinx Vendor: ================= www.microsoft.com Product: =========== PowerShell PowerShell including Windows PowerShell and PowerShell Core is a task automation and configuration management framework from...
Windows System Information 6.1.7601 XXE Injection
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-MSINFO32-XXE-FILE-EXFILTRATION.txt + ISR: ApparitionSec Vendor: ================= www.microsoft.com Product: ========================== Windows System Information...
Vulnerability of the Windows operating system, allowing a perpetrator to compromise accounts
The vulnerability of the ActiveSyncProvider library in the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to gain access to accounts by exploiting a flaw in Universal Outlook to establish a secure connection...