Microsoft Windows Kernel Elevation of Privilege Vulnerability (KB4100480)
This host is missing a critical security update according to Microsoft KB4100480. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
SRC-2018-0019 : Foxit Reader field event userName Setter Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists whe...
SAP Business Objects Business Intelligence Platform Cross-Site Scripting Vulnerability
SAP Business Objects Business Intelligence Platform is a business intelligence software suite and enterprise performance management platform from SAP. The platform provides reporting, performance management and database functions. A cross-site scripting vulnerability exists in SAP Business...
NetIQ iManager Elevation of Privilege Vulnerability
NetIQ iManager is a web-based application from the US company NetIQ. It can be used from wireless devices to manage and configure eDirectory objects. A security vulnerability exists in versions of NetIQ iManager prior to 3.1. No vulnerability details are provided at this time...
Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation Exploit
Exploit for macOS platform in category local exploits / Google software updater ships with Chrome on MacOS and installs a root service com.google.Keystone.Daemon.UpdateEngine which lives here: /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/GoogleSoftwareUpdateDaem...
Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation
/ Google software updater ships with Chrome on MacOS and installs a root service com.google.Keystone.Daemon.UpdateEngine which lives here: /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/GoogleSoftwareUpdateDaemon This service vends a Distributed Object which expos...
Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation
Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation / Google software updater ships with Chrome on MacOS and installs a root service com.google.Keystone.Daemon.UpdateEngine which lives here:...
Zabbix monitoring system vulnerability caused by improper restriction of XML external entity references, allowing an attacker to execute arbitrary code or read arbitrary files
A vulnerability in the Zabbix monitoring system is caused by improper restriction of XML external entity references. Exploiting this vulnerability allows an attacker to execute arbitrary code or read arbitrary files using a specially crafted XML request...
Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2018-06787)
Microsoft Windows Server 2008 SP2 and others are a series of operating systems from Microsoft Corporation. The Windows kernel is one of the operating system kernels. An information disclosure vulnerability exists in the Microsoft Windows kernel, which arises from a program's failure to properly filter...
CVE-2018-2397
In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user-controlled inputs, which results in Cross-Site Scripting...
Cross site scripting
In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user-controlled inputs, which results in Cross-Site Scripting...
CVE-2018-2397
In SAP Business Objects BI Platform, versions 4.00–4.30, the Central Management Console (CMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting. This is the concrete issue described across the CVE and connected records, with no explicit exploitation details or...
CVE-2018-0891
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due ...
CVE-2018-0817
Technical details about CVE-2018-0817 are not publicly provided in the supplied documents. Monitor for updates from official advisories; no affected products, root cause, or remediation are specified here.
EUVD-2018-1717
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows information...
Microsoft Access Remote Code Execution Vulnerability (KB4011234)
This host is missing an important security update according to Microsoft KB4011234.
infinispan: Unsafe deserialization of malicious object injected into data cache
It was found that the Hotrod client in Infinispan would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks...