4491 matches found
Design/Logic Flaw
Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted...
Microsoft Windows MS-DOS Device Name Elevation of Privilege (MS15-038; CVE-2015-1644)
An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is caused when Microsoft Windows fails to properly validate and enforce impersonation levels. A remote attacker can exploit this issue by logging on to the system and running a specially crafted application...
KLA10559 Privileges escalation in Microsoft products
Multiple improper impersonation levels handling were found in Microsoft products. By exploiting these vulnerabilities malicious users can gain privileges. These vulnerabilities can be exploited locally via a specially designed application. Original advisories MS15-038 CVE-2015-1643 CVE-2015-1644...
NVIDIA Graphics Driver Local Privilege Escalation
The remote Windows host has a driver installed this is affected by a privilege escalation vulnerability due to a failure to properly validate local client impersonation levels when performing a kernel administrator check. A local attacker can exploit this issue, via unspecified API calls, to gain...
IBM Security Identity Manager Information Disclosure Vulnerability (CNVD-2015-01982)
IBM Security Identity Manager is part of the IBM Security Systems portfolio of products that help organizations drive effective identity management and control across the enterprise, reducing the risk of identity fraud and improving regulatory compliance. An information disclosure vulnerability...
CVE-2015-0075
The kernel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Impersonation Level Check Elevation of Privilege...
Microsoft Windows Task Scheduler security Feature Bypass Vulnerability (3030377)
This host is missing an important security update according to Microsoft Bulletin MS15-028. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft Windows Kernel Privilege Elevation Vulnerabilities (3038680)
This host is missing an important security update according to Microsoft Bulletin MS15-025. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
MS15-028: Vulnerability in Windows Task Scheduler Could Allow Security Feature Bypass (3030377)
The remote Windows host is affected by a security bypass vulnerability due to Windows Task Scheduler not properly validating and enforcing impersonation levels. Attackers can exploit this flaw to elevate privileges in order to execute files they have no permission to run. C Tenable Network...
CVE-2014-8690
Multiple cross-site scripting XSS vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the 1 PATHINFO, the 2 src parameter in a none action to index.php, or the 3 "First...
Microsoft Windows Create Process Elevation of Privilege Vulnerability (3031432)
This host is missing an important security update according to Microsoft Bulletin MS15-015. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
UBUNTU-CVE-2014-8147
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode ICU before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service...
Next Generation Web Scanner – WhatWeb
Next Generation Web Scanner WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems CMS, blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded...
AIX OpenSSL Advisory : openssl_advisory10.asc
The version of OpenSSL installed on the remote host is affected by the following vulnerabilities : - A memory double-free error exists related to handling DTLS packets that allows denial of service attacks. CVE-2014-3505 - An unspecified error exists related to handling DTLS handshake messages th...
Debian DSA-2993-1 : tor - security update
Several issues have been discovered in Tor, a connection-based low-latency anonymous communication system, resulting in information leaks. - Relay-early cells could be used by colluding relays on the network to tag user circuits and so deploy traffic confirmation attacks CVE-2014-5117. The update...
Oracle Solaris Critical Patch Update : july2013_SRU5_5
This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: SMF/File Locking Services. Supported versions that are affected are 8, 9, 10 and 11. Easily exploitable...
SchoolMation 2.3 - SQLi and XSS Vulnerability
No description provided by source. ==================================================== SchoolMation Version 2.3 SQLi and XSS Vulnerability ==================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, ...
VU Case Manager Authentication Bypass
No description provided by source. 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ 0 0 \ \ /\ /\ \ \ \ /\ \ \ /\ /\ \ \ \ \ \ \ / 1 1 \ \ \ \\ \ \ /\ \...
While bypassing Baidu heuristic engine and active Defense-vulnerability warning-the black bar safety net
While bypassing Baidu heuristic engine and the Proactive Defense heuristic Avira and active defense in the two different logic levels for system protection, but rely on the malware's malicious behavior to be killing, if malicious behavior is scattered in different logic levels, will make these tw...
2014 Verizon Data Breach Investigations Report DBIR
Most of us—hopefully—awaken every day, shower and brush our teeth. If you own a home, you patch a leaky roof and paint the shutters so they don’t rot. You own a vehicle, you change the oil when you’re supposed to and make sure the brakes work the way they’re supposed to. It’s simple hygiene. Yet ...