Lucene search
K

4 matches found

NVD
NVD
added 2009/03/11 2:19 p.m.22 views

CVE-2009-0093

Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery WPAD feature, and conduct...

3.5CVSS6AI score0.1702EPSS
Exploits1References11
Prion
Prion
added 2009/03/11 2:19 p.m.24 views

Design/Logic Flaw

Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery WPAD feature, and conduct...

3.5CVSS6.2AI score0.1702EPSS
Exploits1References11
Prion
Prion
added 2009/03/11 2:19 p.m.26 views

Design/Logic Flaw

The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the 1 "wpad" and 2 "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery WPAD and Intra-Site Automatic Tunnel Addressing Protocol ISATAP...

5.5CVSS6.2AI score0.23461EPSS
Exploits1References10
CVE
CVE
added 2007/03/26 11:0 p.m.52 views

CVE-2007-1692

CVE-2007-1692 concerns WPAD abuse via name registrations in Windows WINS/DNS. The default Windows config may allow remote attackers to intercept user web traffic by registering a proxy using WINS/DNS and answering WPAD requests (as shown with Internet Explorer). Related entries (CVE-2009-0093/009...

7.5CVSS6.4AI score0.15254EPSS
Exploits0References6Affected Software2
Rows per page
Query Builder