Lucene search
K

73 matches found

ATTACKERKB
ATTACKERKB
added 2020/05/20 12:0 a.m.36 views

CVE-2020-1143: Win32k Use-After-Free

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...

7.8CVSS1.3AI score0.01284EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/05/19 12:0 a.m.39 views

CVE-2020-13166

The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded the same for all customers’ installations in web.config, and can be used to send serialized ASP code. Recent assessments: wvu-r7 at May 21, 2020 5:50am UTC reported: Metasplo...

9.8CVSS6.5AI score0.77635EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2020/04/08 12:0 a.m.28 views

CVE-2020-10977

GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects. Recent assessments: wvu-r7 at June 09, 2020 10:49pm UTC reported: @zeroSteiner pointed us to this exploit chain today: . It uses CVE-2020-10535 to satisfy the authentication requirement. Note that...

5.5CVSS0.6AI score0.42741EPSS
Exploits10References6
ATTACKERKB
ATTACKERKB
added 2020/04/02 12:0 a.m.28 views

CVE-2020-11100

In hpackdhtinsert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. Recent assessments: 3dcyber at April 23, 2020 1:18...

8.8CVSS1.6AI score0.60727EPSS
Exploits0References19
ATTACKERKB
ATTACKERKB
added 2020/03/03 12:0 a.m.15 views

Task Scheduler S4U Logon Elevation of Privilege

The windows task scheduler allows a split token administrator to register a task which runs as a batch job from a limited privilege context. This doesn’t require a user’s password to accomplish as the task will be run non-interactively and so doesn’t need access to the password in order to access...

2.7AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/02/27 12:0 a.m.131 views

CVE-2020-6418

Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: J3rryBl4nks at March 04, 2020 4:42pm UTC reported: You would have to chain this vulnerability with a working sandbox escape in...

8.8CVSS0.3AI score0.78808EPSS
In wildExploits6References9
ATTACKERKB
ATTACKERKB
added 2020/02/22 12:0 a.m.26 views

CVE-2020-9340

fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/opkandidat.php id parameter. Recent assessments: J3rryBl4nks at March 09, 2020 9:27pm UTC reported: This is an authenticated SQL Injection that should lead to a reverse shell. It’s very easy to identify, and to exploit. The value is low...

7.2CVSS3.4AI score0.0104EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2020/02/13 12:0 a.m.7 views

Admin Check Bypass in NtPowerInformation

The system call NtPowerInformation performs a check that the caller is an administrator before performing some specific power functions. The check is done in the PopUserIsAdmin function. Recent assessments: busterb at May 09, 2019 5:57pm UTC reported: Project zero reason for closure: Info not...

2.5AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/02/13 12:0 a.m.23 views

SMBv2 Symlink to Local File Vulnerability

SMBv2 supports symlinks on remote file systems by returning a special status code STATUSSTOPPEDONSYMLINK when a symlink is encountered on the remote share. It also returns a symlink reparse data buffer to be processed to determine where to redirect the request. While this is supported functionali...

3.7AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/02/13 12:0 a.m.10 views

Microsoft Office 2007 and 2010 RTF frmtxtbrl EIP corruption

The following crash was observed in MS Office 2007 running under Windows 2003 x86. Microsoft Office File Validation Add-In is disabled and application verified was enabled for testing and reproduction. This sample also reproduced in Office 2010 running on Windows 7 x86. It did not reproduce in...

3AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/02/13 12:0 a.m.10 views

Microsoft Internet Explorer: READ in CAnimatablePropertyListElement::GetCurrentValues:

Clusterfuzz crash Recent assessments: busterb at May 09, 2019 5:57pm UTC reported: Not exploitable other than for crashing a browser, probably not that useful though. Assessed Attacker Value: 1 Assessed Attacker Value: 1Assessed Attacker Value: 5...

2.5AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/02/13 12:0 a.m.12 views

Return Of Bleichenbacher's Oracle Threat

ROBOT is the return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server. Recent assessments: busterb at May 09, 2019 5:57pm UTC reported: The details are pretty heavily documented on robotattack.org, so no need to...

2.4AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/02/12 12:0 a.m.24 views

CVE-2019-19194

The Bluetooth Low Energy Secure Manager Protocol SMP implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices installs a zero long term key LTK if an out-of-order link-layer encryption request...

8.8CVSS3AI score0.01002EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2020/02/10 12:0 a.m.26 views

CVE-2019-17517

The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 5.0.4 for DA14580/1/2/3 devices does not properly restrict the L2CAP payload length, allowing attackers in radio range to cause a buffer overflow via a crafted Link Layer packet. Recent assessments: pbarry25 at April 25,...

6.1CVSS8.1AI score0.00629EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2020/02/10 12:0 a.m.46 views

CVE-2019-17060

The Bluetooth Low Energy BLE stack implementation on the NXP KW41Z based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID LLID equal to...

6.5CVSS7AI score0.00881EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2020/02/03 12:0 a.m.36 views

CVE-2020-8597 rhostname buffer overflow in pppd

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eaprequest and eapresponse functions. Recent assessments: wvu-r7 at March 10, 2020 6:33pm UTC reported: AFAIK, it is common to enable full mitigations on the binary, with ASLR enabled on the system. While this doesn’...

9.8CVSS3.4AI score0.19431EPSS
Exploits3References15
ATTACKERKB
ATTACKERKB
added 2020/01/21 12:0 a.m.58 views

CVE-2020-7246

A remote code execution RCE vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users‘photoppreview’ delete photo feature, allowing bypass of .htaccess protection...

8.8CVSS2.6AI score0.83235EPSS
Exploits18References4
ATTACKERKB
ATTACKERKB
added 2020/01/15 12:0 a.m.38 views

Junos Space: Malicious HTTP packets sent to Junos Space allow an attacker to view all files on the device.

A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. This issue affects: Juniper Networks Junos Space versions prior to 19.4R1. Recent assessments: busterb at January 30, 2020 8:09a...

6.5CVSS0.3AI score0.01667EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2020/01/14 12:0 a.m.24 views

Remote Desktop Client remote code execution vulnerability

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka ‘Remote Desktop Client Remote Code Execution Vulnerability’. Recent assessments: busterb at January 15, 2020 2:29am UTC reported: This is a client-side exploit, which...

7.5CVSS2.4AI score0.0808EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/01/14 12:0 a.m.31 views

CVE-2020-0638

An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Update Notification Manager Elevation of Privilege Vulnerability’. Recent assessments:...

7.8CVSS8.7AI score0.02928EPSS
In wildExploits0References2
Rows per page
Query Builder