69 matches found
CVE-2019-10845
CVE-2019-10845 affects Uniqkey Password Manager 1.14. The vulnerability concerns the pop-up UI for saving credentials (id="uniqkey-password-popup" and password-popup/popup.html). The pop-up window can be read and to some extent manipulated by remote servers, and it persists on every page visited ...
CVE-2019-10845
An issue was discovered in Uniqkey Password Manager 1.14. When entering new credentials to a site that isn't registered within this product, a pop-up window will appear asking the user if they want to save these new credentials. The code of the pop-up window can be read and, to some extent,...
SUSE-SU-2018:4215-1 Security update for enigmail
This update for enigmail to version 2.0.9 fixes the following issues: Security issue fixed: - When using Web Key Discovery, a HTTP authentication may be triggered. This may trick users into possibly sending e-mail credentials bsc1118935. Non-security issues fixed: - pEp - PGP/MIME signed-only...
Step 2. Manage authentication and safeguard access: top 10 actions to secure your environment
This series outlines the most fundamental steps you can take with your investment in Microsoft 365 security solutions. We will provide advice on activities such as setting up identity management through active directory, malware protection, and more. In this post, we explain how to enable single...
CVE-2018-10327
PrinterOn Enterprise 4.1.3 stores Active Directory bind credentials using base64 encoding in cps_config.xml, allowing a local user to read credentials for a domain user. Affected: PrinterOn Enterprise 4.1.3; root cause: credentials are stored in base64 (not encrypted). Impact: potential credentia...
Security Updates for Windows Server 2008 (May 2018)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the Credential Security Support Provider protocol CredSSP. An attacker who successfully exploits this vulnerability could relay user...
Microsoft Windows Multiple Vulnerabilities (KB4103716)
This host is missing a critical security update according to Microsoft KB4103716 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the Credential Security Support Provider protocol (CredSSP) in the Windows operating system, which allows a perpetrator to execute arbitrary commands on behalf of a legitimate user
The vulnerability of the Credential Security Support Provider protocol CredSSP in the Windows operating system is related to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker to execute arbitrary commands on behalf of a legitimate user...
Microsoft Credential Security Support Provider - Remote Code Execution Vulnerability
Exploit for windows platform in category remote exploits credssp This is a poc code for exploiting CVE-2018-0886. It should be used for educational purposes only. It relies on a fork of the rdpy projecthttps://github.com/preempt/rdpy, allowing also credssp relay. Written by Eyal Karni, Preempt...
Microsoft Credential Security Support Provider - Remote Code Execution
credssp This is a poc code for exploiting CVE-2018-0886. It should be used for educational purposes only. It relies on a fork of the rdpy projecthttps://github.com/preempt/rdpy, allowing also credssp relay. Written by Eyal Karni, Preempt [email protected] Build Instructions Linux If you are usin...
Microsoft Credential Security Support Provider protocol remote code execution vulnerability
Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. Credential Security Support Provider protocol CredSSP is one of the credential security support provider protocols. A remote code execution vulnerability exists in Microsoft CredSSP. A...
CVE-2018-0886
The Credential Security Support Provider protocol CredSSP in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code...
Microsoft Windows Multiple Vulnerabilities (KB4088786)
This host is missing a critical security update according to Microsoft KB4088786 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Windows Multiple Vulnerabilities (KB4088782)
This host is missing a critical security update according to Microsoft KB4088782 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Windows Multiple Vulnerabilities (KB4088875)
This host is missing a critical security update according to Microsoft KB4088875 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Windows Multiple Vulnerabilities (KB4088787)
This host is missing a critical security update according to Microsoft KB4088787 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
KB4088787: Windows 10 Version 1607 and Windows Server 2016 March 2018 Security Update
The remote Windows host is missing security update 4088787. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry. An attacker who successfully exploited this...
Security Updates for Windows Server 2008 (March 2018)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when Windows Remote Assistance incorrectly processes XML External Entities XXE. An attacker who successfully exploited the vulnerability...
KB4088779: Windows 10 Version 1511 March 2018 Security Update
The remote Windows host is missing security update 4088779. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when Windows Remote Assistance incorrectly processes XML External Entities XXE. An attacker who successfully exploited the...
CVE-2015-9107
CVE-2015-9107 affects Zoho ManageEngine OpManager versions 11 through 12.2. The vulnerability centers on a custom encryption algorithm used to protect credentials for accessing monitored devices. The algorithm does not use a per-system key or salt, which enables the creation of a universal decryp...