Lucene search

4491 matches found

Prion
added 2015/04/14 8:59 p.m. | 26 views

Design/Logic Flaw

Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted...

CVSS: 7.2 | AI score: 6.8 | EPSS: 0.01755
Exploits: 4 | References: 3 | Affected Software: 5

Check Point Advisories
added 2015/04/14 12:00 a.m. | 4 views

Microsoft Windows MS-DOS Device Name Elevation of Privilege (MS15-038; CVE-2015-1644)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is caused when Microsoft Windows fails to properly validate and enforce impersonation levels. A remote attacker can exploit this issue by logging on to the system and running a specially crafted application...

CVSS: 7.2 | AI score: 5.9 | EPSS: 0.01755
Exploits: 4

Kaspersky
added 2015/04/14 12:00 a.m. | 91 views

KLA10559 Privileges escalation in Microsoft products

Multiple improper impersonation levels handling were found in Microsoft products. By exploiting these vulnerabilities malicious users can gain privileges. These vulnerabilities can be exploited locally via a specially designed application. Original advisories MS15-038 CVE-2015-1643 CVE-2015-1644...

CVSS: 7.2 | AI score: 6.6 | EPSS: 0.02724
Exploits: 4 | References: 14

Tenable Nessus
added 2015/04/02 12:00 a.m. | 30 views

NVIDIA Graphics Driver Local Privilege Escalation

The remote Windows host has a driver installed that is affected by a privilege escalation vulnerability due to a failure to properly validate local client impersonation levels when performing a kernel administrator check. A local attacker can exploit this issue, via unspecified API calls, to gain...

CVSS: 7.2 | AI score: 5.5 | EPSS: 0.0039
Exploits: 0 | References: 2

CNVD
added 2015/03/25 12:00 a.m. | 2 views

IBM Security Identity Manager Information Disclosure Vulnerability (CNVD-2015-01982)

IBM Security Identity Manager is part of the IBM Security Systems portfolio of products that help organizations drive effective identity management and control across the enterprise, reducing the risk of identity fraud and improving regulatory compliance. An information disclosure vulnerability...

CVSS: 1.9 | AI score: 5.9 | EPSS: 0.00385
Exploits: 0 | References: 1

Cvelist
added 2015/03/11 10:00 a.m. | 32 views

CVE-2015-0075

The kernel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Impersonation Level Check Elevation of Privilege...

AI score: 6.2 | EPSS: 0.01636
Exploits: 0 | References: 3

OpenVAS
added 2015/03/11 12:00 a.m. | 36 views

Microsoft Windows Task Scheduler security Feature Bypass Vulnerability (3030377)

This host is missing an important security update according to Microsoft Bulletin MS15-028.

CVSS: 2.1 | AI score: 5 | EPSS: 0.01723
Exploits: 0 | References: 2

OpenVAS
added 2015/03/11 12:00 a.m. | 36 views

Microsoft Windows Kernel Privilege Elevation Vulnerabilities (3038680)

This host is missing an important security update according to Microsoft Bulletin MS15-025.

CVSS: 7.2 | AI score: 5 | EPSS: 0.01817
Exploits: 0 | References: 2

Tenable Nessus
added 2015/03/10 12:00 a.m. | 63 views

MS15-028: Vulnerability in Windows Task Scheduler Could Allow Security Feature Bypass (3030377)

The remote Windows host is affected by a security bypass vulnerability due to Windows Task Scheduler not properly validating and enforcing impersonation levels. Attackers can exploit this flaw to elevate privileges in order to execute files they have no permission to run.

CVSS: 2.1 | AI score: 5.8 | EPSS: 0.01723
Exploits: 0 | References: 2

NVD
added 2015/02/19 3:59 p.m. | 22 views

CVE-2014-8690

Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src parameter in a none action to index.php, or the (3) "First...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.03954
Exploits: 5 | References: 8

OpenVAS
added 2015/02/11 12:00 a.m. | 32 views

Microsoft Windows Create Process Elevation of Privilege Vulnerability (3031432)

This host is missing an important security update according to Microsoft Bulletin MS15-015.

CVSS: 7.2 | AI score: 5 | EPSS: 0.0175
Exploits: 0 | References: 3

OSV
added 2014/12/31 12:00 a.m. | 3 views

UBUNTU-CVE-2014-8147

The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.23352
Exploits: 3 | References: 4

n0where
added 2014/12/06 8:02 a.m. | 21 views

Next Generation Web Scanner – WhatWeb

Next Generation Web Scanner WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded...

AI score: 7.7
Exploits: 0

Tenable Nessus
added 2014/09/10 12:00 a.m. | 43 views

AIX OpenSSL Advisory : openssl_advisory10.asc

The version of OpenSSL installed on the remote host is affected by the following vulnerabilities: - A memory double-free error exists related to handling DTLS packets that allows denial of service attacks. (CVE-2014-3505) - An unspecified error exists related to handling DTLS handshake messages th...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.7408
Exploits: 0 | References: 12

Tenable Nessus
added 2014/08/01 12:00 a.m. | 27 views

Debian DSA-2993-1 : tor - security update

Several issues have been discovered in Tor, a connection-based low-latency anonymous communication system, resulting in information leaks. - Relay-early cells could be used by colluding relays on the network to tag user circuits and so deploy traffic confirmation attacks (CVE-2014-5117). The update...

CVSS: 5.8 | AI score: 8.1 | EPSS: 0.02094
Exploits: 0 | References: 6

Tenable Nessus
added 2014/07/26 12:00 a.m. | 27 views

Oracle Solaris Critical Patch Update : july2013_SRU5_5

This Solaris system is missing necessary patches to address critical security updates: - Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: SMF/File Locking Services). Supported versions that are affected are 8, 9, 10 and 11. Easily exploitable...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.02924
Exploits: 0 | References: 4

seebug.org
added 2014/07/01 12:00 a.m. | 24 views

SchoolMation 2.3 - SQLi and XSS Vulnerability

No description provided by source.

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 14 views

VU Case Manager Authentication Bypass

No description provided by source.

AI score: 7.1
Exploits: 0

myhack58
added 2014/05/02 12:00 a.m. | 10 views

While bypassing Baidu heuristic engine and active Defense-vulnerability warning-the black bar safety net

While bypassing Baidu heuristic engine and the Proactive Defense heuristic Avira and active defense in the two different logic levels for system protection, but rely on the malware's malicious behavior to be killing, if malicious behavior is scattered in different logic levels, will make these tw...

AI score: 1.4
Exploits: 0

ThreatPost
added 2014/04/22 12:44 p.m. | 7 views

2014 Verizon Data Breach Investigations Report (DBIR)

Most of us—hopefully—awaken every day, shower and brush our teeth. If you own a home, you patch a leaky roof and paint the shutters so they don’t rot. You own a vehicle, you change the oil when you’re supposed to and make sure the brakes work the way they’re supposed to. It’s simple hygiene. Yet ...

AI score: 1.1
Exploits: 0 | References: 4