38 matches found
EUVD-2005-3480
Malware in sbrugna...
OESA-2025-2124 krb5 security update
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Security Fixes: A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due ...
CVE-2021-37116
PCManager has a Weaknesses Introduced During Design vulnerability .Successful exploitation of this vulnerability may cause that the PIN of the subscriber is changed...
Microsoft Visual Studio Code Remote Code Execution (CVE-2021-27084)
A remote code execution vulnerability exists in the Maven for Java Extension for Microsoft Visual Studio Code. The vulnerability is due to a design weakness. A remote attacker can exploit this vulnerability by enticing a user to open a maliciously crafted Java Maven project folder...
CVE-2021-37116
PCManager has a Weaknesses Introduced During Design vulnerability .Successful exploitation of this vulnerability may cause that the PIN of the subscriber is changed...
CVE-2021-37116
PCManager has a Weaknesses Introduced During Design vulnerability .Successful exploitation of this vulnerability may cause that the PIN of the subscriber is changed...
CVE-2021-22393
There is a denial of service vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. The affected product cannot deal with some messages because of module design weakness . Attackers can exploit this vulnerability by sending a large amount of...
PT-2020-14144 · Espressif · Esp32
Name of the Vulnerable Software and Affected Versions: Espressif ESP32 affected versions not specified Description: The issue concerns bypassing flash encryption by leveraging a design weakness in combination with EMFI. This allows for potential unauthorized access to encrypted data. There is no...
Mozilla Firefox WebExtensions SettingContent-ms Policy Bypass (CVE-2018-12368)
A policy bypass vulnerability exists in Mozilla Firefox. This vulnerability is due to a design weakness that allows a malicious WebExtension to open a SettingContent-ms file without a user prompt...
HP Data Protector Backup Client Service Code Execution - Ver2 (CVE-2011-0922)
HP OpenView Storage Data Protector is a backup solution tailored for enterprise and distributed environments. The Data Protector environment consists of a Cell Manager, backup agents, and backup device servers. The backup agent supports various message types in its communication with clients in...
Microsoft Intune App PIN Bypass
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Microsoft Intune 1 Vendor: Microsoft CSNC ID: CSNC-2017-027 Subject: App PIN Bypass Risk: Medium Effect: Locally exploitable Author: Stephan Sekula Date: 31.08.2017 Introduction: ------------- Define a mobile...
Dell SonicWALL GMS-Analyzer license.jsp Information Disclosure
An information disclosure vulnerability exists in the license.jsp component of Dell SonicWALL GMS, Analyzer. The vulnerability is due to a design weakness where the page containing sensitive information, license.jsp, can be accessed without authentication. This page returns the serial number for...
phpFileManager cmd Parameter Command Execution
A remote command execution vulnerability exists in phpFileManager. The vulnerability is due to a design weakness when handling HTTP requests with "action" parameter set to 6 or 9. A remote user can exploit this vulnerability by injecting arbitrary command in the "cmd" parameter...
Apple Mac OS X Gatekeeper Bypass
Gatekeeper is Mac OS X’s guardian against rogue applications and malware sneaking into Apple’s famous walled garden. It’s also been a favorite target of researchers and advanced attackers desperate to gain control of Apple devices. Tomorrow at Virus Bulletin in Prague, researcher Patrick Wardle,...
SolarWinds Firewall Security Manager userlogin.jsp Policy Bypass (CVE-2015-2284)
A policy bypass vulnerability exists in SolarWinds Firewall Security Manager. The vulnerability is due to a design weakness in the userlogin.jsp page which sets the "username" session value to a user supplied value prior to authentication. A remote unauthenticated attacker could exploit this...
Desktop Linux Password Stealer and Privilege Escalation
This module steals the user password of an administrative user on a desktop Linux system when it is entered for unlocking the screen or for doing administrative actions using PolicyKit. Then, it escalates to root privileges using sudo and the stolen user password. It exploits the design weakness...
RARLAB WinRAR Zip Format Filename Spoofing
A file name spoofing vulnerability has been reported in RARLAB's WinRAR. The vulnerability is due to a design weakness when processing zip format archives. Successful exploitation could allow for arbitrary code execution in the security context of the logged in user...
PostgreSQL Database SET ROLE Security Bypass (CVE-2014-0060)
A policy bypass vulnerability has been found in PostgreSQL database server. The vulnerability is due to a design weakness when granting a role without ADMIN OPTION. A remote attacker can exploit the vulnerability to cause a policy bypass allowing execution of a security-restricted operation or a...
Microsoft Windows IPv6 Router Advertisements Denial of Service (MS14-006; CVE-2014-0254)
A denial of service vulnerability has been reported in Microsoft Windows. The vulnerability is due to a design weakness in the IPv6 stack as it processes router advertisement packets. An attacker can exploit this vulnerability by sending a large number of specially crafted IPv6 packets to the...
Google Chrome XSSAuditor Filter Security Policy Bypass
A policy bypass vulnerability exists in Google Chrome. The vulnerability is due a design weakness in Chrome XSSAuditor. By inserting JavaScript in the srcdoc attribute of an IFRAME tag, the Cross-Site Scripting filter can be bypassed. An attacker can exploit this weakness to further facilitate...