7670 matches found
The vulnerability of the Windows operating system allows a hacker to steal sessions and increase their privileges.
The vulnerability of the Windows operating system’s kernel is related to the improper use of session objects. Exploiting this vulnerability can allow a local attacker to steal a session and increase their privileges through a specially created application...
CS-Cart Twigmo Plugin PHP Object Injection Vulnerability
CS-Cart is a PHP and MySQL based e-commerce software system developed by CS-Cart team. The system supports third-party software extensions , custom promotional strategies , product filtering definitions , etc. Twigmo is one of the template plug-ins developed specifically for mobile terminals . A...
Metasploit Weekly Release Static secret_key_base pre-auth 远程代码执行漏洞
Author: Justin Steven OVE ID: OVE-20160904-0002 Private disclosure date: 2016-09-04 Public disclosure date: 2016-09-19 Vendor advisory: https://community.rapid7.com/community/metasploit/blog/2016/09/15/important-security-fixes-in-metasploit-4120-2016091401 Affected versions: Metasploit...
Mock Local Elevation of Privilege Vulnerability
The mock is a test method that creates a virtual object for some objects that are not easy to construct or obtain for testing purposes. A local elevation of privilege vulnerability exists in mock. A local attacker can exploit the vulnerability to gain higher privileges...
UBUNTU-CVE-2016-7411
ext/standard/varunserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via an unserialize call that references a partially constructed object...
CVE-2016-3305
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges...
CVE-2016-3305
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges...
Privilege escalation
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges...
Microsoft Windows Kernel Multiple Vulnerabilities (3186973)
This host is missing an important security update according to Microsoft Bulletin MS16-111 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Win32k Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...
Windows Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attacker who has a domain user accou...
Windows Session Object Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that Windows handles session objects. A locally authenticated attacker who successfully exploited the vulnerability could hijack the session of another user. To exploit the vulnerability, the attacker could run a specially crafted...
Internet Explorer Information Disclosure Vulnerability
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an...
Windows Secure Kernel Mode Information Disclosure Vulnerability
An information disclosure vulnerability exists when Windows Secure Kernel Mode improperly handles objects in memory. A locally authenticated attacker who successfully exploited this vulnerability could be able to read sensitive information on the target system. To exploit this vulnerability, an...
Microsoft Windows Session Object Elevation of Privilege (MS16-111: CVE-2016-3305)
An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to an error in the way windows kernel handles session objects in concurrent logins. Successful exploitation may lead to a malicious user gaining access to a victim user's session...
MS16-109: Security Update for Silverlight (3182373)
The version of Microsoft Silverlight installed on the remote Windows host is affected by a remote code execution vulnerability due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing a specially crafte...
Microsoft Office Memory Corruption (MS16-107: CVE-2016-3363)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...
CVE-2016-7124
ext/standard/varunserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a 1 destruct call or 2 magic method call...
Apache OpenOffice -- multiple vulnerabilities
The Apache Openofffice project reports: CVE-2017-3157: Arbitrary file disclosure in Calc and Writer By exploiting the way OpenOffice renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacke...
[SECURITY] Fedora 23 Update: rubygem-activerecord-4.2.3-3.fc23
Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties databa se tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...