CVE-2017-4015

Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention NDLP 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header...

CVE-2017-4012

Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention NDLP 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP request...

CVE-2017-4013

Banner Disclosure in the server in McAfee Network Data Loss Prevention NDLP 9.3.x allows remote attackers to obtain product information via HTTP response header...

CVE-2017-4015

Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention NDLP 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header...

CVE-2017-4013

Banner Disclosure in the server in McAfee Network Data Loss Prevention NDLP 9.3.x allows remote attackers to obtain product information via HTTP response header...

CVE-2017-4017

McAfee Network Data Loss Prevention (NDLP) 9.3.x contains an information disclosure vulnerability in the server implementation that allows remote attackers to view user information via the appliance web interface. Public sources in connected documents corroborate that an attacker can exploit the ...

CVE-2017-4011

Embedding Script XSS in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention NDLP 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request...

PT-2017-16178 · Mcafee · Mcafee Network Data Loss Prevention

Name of the Vulnerable Software and Affected Versions: McAfee Network Data Loss Prevention NDLP versions 9.3.x Description: The issue allows remote authenticated users to inject arbitrary web script or HTML via HTTP response headers. This can be exploited by injecting malicious code into the HTTP...

ShadowBrokers Planning Monthly Exploit, Data Dump Service

Popcorn in hand, the ShadowBrokers say they’re taking in the WannaCry outbreak from the sidelines before starting in June a subscription service for new exploits and stolen data akin to a wine of the month club. In what’s become a signature periodic rant from the unknowns behind the leak of...

CVE-2016-7761

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "WiFi" component, which allows local users to obtain sensitive network-configuration information by leveraging global storage...

HP Printers Wi-Fi Unauthorized Access Vulnerability

HP Printers Wi-Fi is a WiFi direct connect printer from Hewlett-Packard HP USA. An unauthorized access vulnerability exists in HP Printers WiFi Direct, which also affects printers of the same model with a public IP. The vulnerability can be exploited to obtain information about the printer's...

F5 BIG-IP systems denial of service vulnerability

F5 BIG-IP LTM, etc. are products of F5 Corporation, USA. ltm is a local traffic manager; APM is a set of solutions that provide secure and unified access to business-critical applications and networks. virtual server is one of the virtual server software components. A security vulnerability exist...

Debian Security Advisory DSA 3749-1 (dcmtk - security update)

Gjoko Krstic of Zero Science Labs discovered that dcmtk, a collection of libraries implementing the DICOM standard, did not properly handle the size of data received from the network. This could lead to denial-of-service via application crash or arbitrary code execution. OpenVAS Vulnerability Tes...

Security Bulletin: ASN. 1 coding in the presence of a heap memory corruption vulnerability-vulnerability warning-the black bar safety net

! ! 1. Security Bulletin information Title: Objective system integrated Co., Ltd. The design of the ASN. 1 coding specification in the presence of one can lead to heap memory corruption vulnerabilities. Vulnerability CVE number: CVE-2 0 1 6-5 0 8 0 Announcement of the URL address:...

Microsoft Windows RPC Network Data Representation Engine Elevation of Privilege Vulnerability

Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows, which results from a program failing to properly free memory. A remote attacker could exploit the vulnerability by means of a special...

CVE-2016-0178

The RPC NDR Engine in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles free operations, which allows remote attackers to execute arbitrary code via malformed RPC...

RPC Network Data Representation Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way Microsoft Windows handles specially crafted Remote Procedure Call RPC requests. The remote code execution can occur when the RPC Network Data Representation NDR Engine improperly frees memory. An authenticated attacker who successfully...

KLA11914 Multiple vulnerability in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in...

The vulnerability of the Solaris operating system, which allows a hacker to modify data

The vulnerability of the NDMP Backup Service component of the Solaris operating system is related to errors in the code. Exploiting this vulnerability could allow an attacker, operating locally, to gain access to modify, add, or delete data...

Solaris NDMP Backup Service Component Data Modification Vulnerability

Solaris is a unix-based operating system. An unspecified vulnerability in the Solaris NDMP Backup Service component allows attackers to exploit the vulnerability to make unauthorized changes to data...