Lucene search
K

173 matches found

OpenVAS
OpenVAS
added 2018/06/01 12:0 a.m.132 views

Microsoft Windows: Interactive logon: Machine account lockout threshold

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winilmachineacclockoutthreshold.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Interactive logon: Machine account lockout threshold Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2018/05/15 10:5 p.m.26 views

Honeybits - A Simple Tool Designed To Enhance The Effectiveness Of Your Traps By Spreading Breadcrumbs & Honeytokens Across Your Systems

A simple tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your production servers and workstations to lure the attacker toward your honeypots. Author: Adel "0x4D31" Karimi. Background The problem with the traditional implementation of honeypot...

7.4AI score
Exploits0References3
ThreatPost
ThreatPost
added 2018/02/13 5:1 p.m.157 views

Two Nasty Outlook Bugs Fixed in Microsoft’s Feb. Patch Tuesday Update

Microsoft issued 50 security fixes as part of its February Patch Tuesday release, covering vulnerabilities in Windows, Office, Internet Explorer, Edge and its JavaScript engine ChakraCore. Fourteen of the vulnerabilities are labeled as critical, 34 as important and two as moderate. Two notable...

9.3CVSS0.8AI score0.2043EPSS
Exploits0References7
Packet Storm
Packet Storm
added 2017/12/20 12:0 a.m.91 views

TP-Link TL-SG108E XSS / Weak Access Control

Overview ------------- Three vulnerabilities have been discovered in the TP-Link TL-SG108E, firmware 1.0.0 Build 20160722 Rel.50167: CVE-2017-17745 - Cross Site Scripting XSS in systemnameset.cgi, sysName parameter CVE-2017-17746 - Weak access control for user authentication CVE-2017-17747 - Weak...

0.6AI score0.02039EPSS
Exploits5
Microsoft CVE
Microsoft CVE
added 2017/06/13 7:0 a.m.42 views

Microsoft Outlook Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or...

9.3CVSS2.6AI score0.19605EPSS
Exploits0
OSV
OSV
added 2017/05/10 2:29 p.m.4 views

UBUNTU-CVE-2017-8879

Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation...

6.8CVSS6.8AI score0.00439EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2017/05/10 12:0 a.m.11 views

PT-2017-18601 · Dolibarr · Dolibarr Erp/Crm

Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM version 4.0.4 Description: The issue allows password changes without requiring the current password, making it easier for attackers with physical access to obtain access via an unattended workstation. Recommendations: For...

6.8CVSS6.6AI score0.00439EPSS
Exploits1References8
Hewlett-Packard
Hewlett-Packard
added 2017/05/04 12:0 a.m.93 views

HPSBHF03557 rev. 1 - Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Remote Privilege Escalation

Potential Security Impact Remote escalation of privilege on provisioned systems or local escalation of privilege on unprovisioned systems. VULNERABILITY SUMMARY A security vulnerability has been discovered in Intel’s manageability firmware that impacts all Intel OEMs. This vulnerability is a...

2CVSS1.4AI score0.92189EPSS
Exploits7
ThreatPost
ThreatPost
added 2017/03/22 11:48 a.m.24 views

SAP Vulnerability Puts Business Data at Risk for Thousands of Companies

SAP’s patch update for this month included a fix for a critical remote code execution vulnerability in the SAP GUI client that provides remote access to a central SAP server in a corporate network. Researchers at ERPScan, a Dutch company specializing in business application security, disclosed so...

7.5CVSS0.8AI score0.03785EPSS
Exploits0References4
OSV
OSV
added 2016/07/28 2:2 a.m.5 views

CVE-2016-4531

Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...

7.3CVSS5.8AI score0.08222EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2016/05/10 7:0 a.m.56 views

Windows Media Center Remote Code Execution Vulnerability

A vulnerability exists in Windows Media Center that could allow remote code execution if Windows Media Center opens a specially crafted Media Center link .mcl file that references malicious code. An attacker who successfully exploited this vulnerability could take control of an affected system...

9.3CVSS2.2AI score0.6994EPSS
Exploits3
Cvelist
Cvelist
added 2015/10/09 1:0 a.m.23 views

CVE-2015-5833

The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation...

5.8AI score0.00396EPSS
Exploits0References4
Hewlett-Packard
Hewlett-Packard
added 2015/09/25 12:0 a.m.33 views

HPSBHF03513 rev.2 - HP PCs and Workstations running Windows and Linux with NVIDIA Graphics Driver, Local Denial of Service (DoS), Elevation of Privilege

Potential Security Impact Denial of Service DoS, elevation of privilege VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with certain HP PCs and workstations with Windows and Linux running the NVIDIA Graphics Driver. The vulnerabilities could be locally exploited...

6.6CVSS4.2AI score0.00364EPSS
Exploits0
0day.today
0day.today
added 2015/07/13 12:0 a.m.54 views

Western Digital Arkeia 11.0.13 Remote Code Execution Vulnerability

Western Digital Arkeia versions 11.0.12 and below suffer from a ARKFSEXECCMD remote code execution vulnerability. Advisory Information Title: Western Digital Arkeia "ARKFSEXECCMD" Date published: 2015-07-10 Vendors contacted: Western Digital / Arkeia Class: OS Command Injection CWE-78 Impact: Cod...

7.9AI score
Exploits0
NVD
NVD
added 2015/06/09 12:59 a.m.19 views

CVE-2015-4418

Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...

5CVSS6.8AI score0.02854EPSS
Exploits0References3
Prion
Prion
added 2015/06/09 12:59 a.m.18 views

Design/Logic Flaw

Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...

5CVSS7.3AI score0.02854EPSS
Exploits0References3
Prion
Prion
added 2014/10/18 1:55 a.m.25 views

Design/Logic Flaw

CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation...

4.6CVSS6.6AI score0.00347EPSS
Exploits0References5Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.9 views

Multiple Kaspersky Products 'klim5.sys' - Local Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/33561/info Multiple Kaspersky products are prone to a local privilege-escalation vulnerability because the applications fail to perform adequate boundary checks on user-supplied data. A local attacker can exploit this iss...

7.1AI score
Exploits0
NVD
NVD
added 2014/02/14 1:10 p.m.17 views

CVE-2013-6742

The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...

7.5CVSS6.5AI score0.01309EPSS
Exploits0References2
NVD
NVD
added 2013/09/25 10:31 a.m.20 views

CVE-2013-4025

IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the login-password field, which makes it easier for remote attackers to obtain...

1.9CVSS6.4AI score0.00479EPSS
Exploits0References2
Rows per page
Query Builder