40 matches found
D-Link DAP-1860和TCP 授权问题漏洞
The D-Link DAP-1860 is a WiFi range extender from D-Link, a Taiwan-based company. The D-Link DAP-1860 is vulnerable to a remote code execution vulnerability that could be exploited by attackers to elevate privileges and execute code in the device context...
C-MORE HMI EA9 Control Port Missing Authentication for Critical Function Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of C-More HMI EA9 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the control service, which listens on TCP port 9999 by default. The...
CVE-2018-0307
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting...
CVE-2017-12335
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command...
Command injection
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command...
Windows Kernel stack memory disclosure in win32k!NtGdiGetTextMetricsW(CVE-2017-8472)
We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7 other systems untested through the win32k!NtGdiGetTextMetricsW system call. The output structure used by the syscall, according to various sources, is TMWINTERNA...
Microsoft Windows - win32k!NtGdiGetTextMetricsW Kernel Stack Memory Disclosure
Microsoft Windows - win32k!NtGdiGetTextMetricsW Kernel Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1180 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7 other...
Microsoft Windows - 'win32k!NtGdiGetTextMetricsW' Kernel Stack Memory Disclosure
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1180 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7 other systems untested through the win32k!NtGdiGetTextMetricsW system call. The output...
The vulnerability of Cisco Nexus 7000 software allows a malicious individual to increase their privileges.
The vulnerability in Cisco NX-OS devices of the Nexus 7000 series – where multiple virtual device contexts VDC are enabled, along with local authentication – allows remote users who have passed authentication to elevate their privileges within an unplanned VDC environment. This is achieved by usi...
Microsoft Windows 7 - win32k Bitmap Use-After-Free (MS16-062) (1)
Microsoft Windows 7 - win32k Bitmap Use-After-Free MS16-062 1 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=746 The attached PoC triggers a blue screen on Windows 7 with special pool enabled on win32k.sys . A reference to the bitmap object still exists in the device context...
Microsoft Windows 7 - win32k Bitmap Use-After-Free (MS16-062) (1)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=746 The attached PoC triggers a blue screen on Windows 7 with special pool enabled on win32k.sys . A reference to the bitmap object still exists in the device context after it has been deleted. Proof of Concept:...
Cisco Nexus 7000 Devices Virtual Device Context Privilege Escalation Vulnerability (Cisco-SA-20150630-CVE-2015-4231)
A privilege escalation vulnerability in the Python scripting subsystem of Cisco Nexus 7000 devices that have been configured with multiple virtual device contexts VDCs could allow an authenticated, local attacker to delete files owned by a different VDC on the device. Copyright C 2016 Greenbone...
Microsoft Win32k Elevation of Privilege (MS16-062: CVE-2016-0172)
An elevation of privilege vulnerability exists in the Windows Kernel. The vulnerability is caused when Microsoft Windows improperly deals with DC Device context surface. A remote attacker can exploit this vulnerability by running a specially crafted application...
The vulnerability of the NX-OS network operating system allows a hacker to bypass existing access restrictions and delete any arbitrary VDC files.
The vulnerability of the Python-based network operating system NX-OS relates to deficiencies in access control for certain functions. Exploiting this vulnerability could allow an attacker, operating locally, to circumvent existing access restrictions and delete arbitrary VDC files...
Microsoft Windows Kernel - Brush Object Use-After-Free (MS15-061)
Microsoft Windows Kernel - Brush Object Use-After-Free MS15-061 Source: https://code.google.com/p/google-security-research/issues/detail?id=304 Creating a device context with the flag DCXNORESETATTRS and selecting a brush object into the device context will result in the brush being freed on...
Microsoft Windows Kernel - Brush Object Use-After-Free (MS15-061)
Source: https://code.google.com/p/google-security-research/issues/detail?id=304 Creating a device context with the flag DCXNORESETATTRS and selecting a brush object into the device context will result in the brush being freed on process exit without the reference to the object being cleared. The...
UBUNTU-CVE-2015-1322
Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu vivid before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a...
Seowon Intech WiMAX SWC-9100 Router - cgi-bindiagnostic.cgi?ping_ipaddr Remote Code Execution
Seowon Intech WiMAX SWC-9100 Router - cgi-bindiagnostic.cgi?pingipaddr Remote Code Execution source: https://www.securityfocus.com/bid/65306/info WiMAX SWC-9100 Mobile Router is prone to a security-bypass vulnerability and a command-injection vulnerability. Exploiting these issues could allow an...
Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/diagnostic.cgi?ping_ipaddr' Remote Code Execution
source: https://www.securityfocus.com/bid/65306/info WiMAX SWC-9100 Mobile Router is prone to a security-bypass vulnerability and a command-injection vulnerability. Exploiting these issues could allow an attacker to bypass certain security restrictions or execute arbitrary commands in the context...
Windows内核 GetDCEx()函数内存破坏漏洞(MS10-032)
BUGTRAQ ID: 40508 CVE ID: CVE-2010-0484 Windows是微软发布的非常流行的操作系统。 Windows的Win32k.sys内核驱动在通过GetDCEx函数处理设备上下文(DC)时存在内存破坏漏洞,本地用户可以通过运行特制的应用程序获得ring0权限。 Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Vista SP2 Microsoft Windows Vista SP1 Microsoft Windows Server 2008 SP2 Microsoft...