173 matches found
Microsoft Windows: Interactive logon: Machine account lockout threshold
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winilmachineacclockoutthreshold.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Interactive logon: Machine account lockout threshold Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...
Honeybits - A Simple Tool Designed To Enhance The Effectiveness Of Your Traps By Spreading Breadcrumbs & Honeytokens Across Your Systems
A simple tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your production servers and workstations to lure the attacker toward your honeypots. Author: Adel "0x4D31" Karimi. Background The problem with the traditional implementation of honeypot...
Two Nasty Outlook Bugs Fixed in Microsoft’s Feb. Patch Tuesday Update
Microsoft issued 50 security fixes as part of its February Patch Tuesday release, covering vulnerabilities in Windows, Office, Internet Explorer, Edge and its JavaScript engine ChakraCore. Fourteen of the vulnerabilities are labeled as critical, 34 as important and two as moderate. Two notable...
TP-Link TL-SG108E XSS / Weak Access Control
Overview ------------- Three vulnerabilities have been discovered in the TP-Link TL-SG108E, firmware 1.0.0 Build 20160722 Rel.50167: CVE-2017-17745 - Cross Site Scripting XSS in systemnameset.cgi, sysName parameter CVE-2017-17746 - Weak access control for user authentication CVE-2017-17747 - Weak...
Microsoft Outlook Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or...
UBUNTU-CVE-2017-8879
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation...
PT-2017-18601 · Dolibarr · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM version 4.0.4 Description: The issue allows password changes without requiring the current password, making it easier for attackers with physical access to obtain access via an unattended workstation. Recommendations: For...
HPSBHF03557 rev. 1 - Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Remote Privilege Escalation
Potential Security Impact Remote escalation of privilege on provisioned systems or local escalation of privilege on unprovisioned systems. VULNERABILITY SUMMARY A security vulnerability has been discovered in Intel’s manageability firmware that impacts all Intel OEMs. This vulnerability is a...
SAP Vulnerability Puts Business Data at Risk for Thousands of Companies
SAP’s patch update for this month included a fix for a critical remote code execution vulnerability in the SAP GUI client that provides remote access to a central SAP server in a corporate network. Researchers at ERPScan, a Dutch company specializing in business application security, disclosed so...
CVE-2016-4531
Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
Windows Media Center Remote Code Execution Vulnerability
A vulnerability exists in Windows Media Center that could allow remote code execution if Windows Media Center opens a specially crafted Media Center link .mcl file that references malicious code. An attacker who successfully exploited this vulnerability could take control of an affected system...
CVE-2015-5833
The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation...
HPSBHF03513 rev.2 - HP PCs and Workstations running Windows and Linux with NVIDIA Graphics Driver, Local Denial of Service (DoS), Elevation of Privilege
Potential Security Impact Denial of Service DoS, elevation of privilege VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with certain HP PCs and workstations with Windows and Linux running the NVIDIA Graphics Driver. The vulnerabilities could be locally exploited...
Western Digital Arkeia 11.0.13 Remote Code Execution Vulnerability
Western Digital Arkeia versions 11.0.12 and below suffer from a ARKFSEXECCMD remote code execution vulnerability. Advisory Information Title: Western Digital Arkeia "ARKFSEXECCMD" Date published: 2015-07-10 Vendors contacted: Western Digital / Arkeia Class: OS Command Injection CWE-78 Impact: Cod...
CVE-2015-4418
Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
Design/Logic Flaw
Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
Design/Logic Flaw
CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation...
Multiple Kaspersky Products 'klim5.sys' - Local Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/33561/info Multiple Kaspersky products are prone to a local privilege-escalation vulnerability because the applications fail to perform adequate boundary checks on user-supplied data. A local attacker can exploit this iss...
CVE-2013-6742
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
CVE-2013-4025
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the login-password field, which makes it easier for remote attackers to obtain...