Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Oct 2019)
This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Microsoft Windows NTLM CVE-2019-1338 Security Bypass Vulnerability
Description Microsoft Windows is prone to a security bypass vulnerability. Successfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. Technologies Affecte...
Persistence – Registry Run Keys
Getting an initial foothold inside a network during a red team operation is a time-consuming task. Therefore persistence is key to a successful red team operation, as it will enable the team to focus on the objectives of the engagement without losing the communication with the command and control...
Palo Alto Networks Zingbox Inspector CVE-2019-15023 Information Disclosure Vulnerability
Description Palo Alto Networks Zingbox Inspector is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Versions prior to Zingbox Inspector 1.295 are vulnerable. Technologies Affected Paloaltonetworks...
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Sep 2019)
This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
WordPress sharebar plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. sharebar is a plugin used to add social sharing buttons to blogs. A cross-site scripting vulnerability exists in the WordPress shareba...
CVE-2019-4133
IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side with access to client computer to run a custom script. IBM X-Force ID: 158278...
Adobe Acrobat Pro DC AcroForm Bitmap File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Aug 2019)
This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
PT-2019-3051 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: An elevation of privilege issue exists due to the way the wcmsvc.dll handles objects in memory. This could allow an attacker to execute code with elevated permissions by running a specially...
PT-2019-2920 · Microsoft · Windows Server 2012 +7
Name of the Vulnerable Software and Affected Versions: Remote Desktop Services versions prior to the fixed version, including Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions...
CVE-2019-14221
1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation...
Cross site scripting
1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation...
CVE-2019-14221
1CRM On-Premise Software 8.5.7 is affected by a Cross-Site Scripting vulnerability triggered by a payload mishandled during a Run Report operation. The issue is described across CVE-2019-14221 entries (NVD, RH, CNVD, PRION) as XSS, with some references labeling it stored/persistent. Public disclo...
August 6, 2019, update for Office 2016 (KB3141456)
August 6, 2019, update for Office 2016 KB3141456 This article describes update 3141456 for Microsoft Office 2016 that was released on August 6, 2019. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to...
1CRM On-Premise Software 8.5.7 - Persistent Cross-Site Scripting
1CRM On-Premise Software 8.5.7 - Persistent Cross-Site Scripting 1CRM On-Premise Software 8.5.7 Stored XSS Exploit Title: 1CRM On-Premise Software 8.5.7 - Cross-Site Scripting Date: 19/07/2019 Exploit Author: Kus...
vdsm: privilege escalation to root via systemd_run
A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root...
PHP 'ext/exif/exif.c' Denial of Service Vulnerability
Description PHP is prone to a denial-of-service vulnerability. Successful exploits may allow the attacker to crash the affected application resulting in denial-of-service condition. Versions prior to PHP 7.4.0 are vulnerable. Technologies Affected PHP PHP 7.3.0 PHP PHP 7.3.1 PHP PHP 7.3.2 PHP PHP...
CVE-2019-13971
OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request...