3763 matches found

OpenVAS
added 2018/04/17 12:0 a.m. | 8 views

Microsoft Office: Disable First Run Movie

This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013firstrunmovie.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Disable First Run Movie Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program is free...

AI score: 7.3
Exploits: 0
OpenVAS
added 2018/04/17 12:0 a.m. | 18 views

Microsoft Office: Enable Automatic Updates

This test checks the setting for policy Copyright C 2018 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either...

AI score: 7.3
Exploits: 0
OSV
added 2018/04/12 4:29 p.m. | 1 views

UBUNTU-CVE-2018-1086

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.002
Exploits: 0 | References: 4
OpenVAS
added 2018/04/12 12:0 a.m. | 113 views

Microsoft Office 2016 And Excel 2016 Click-to-Run (C2R) Multiple Vulnerabilities (Apr 2018)

This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

CVSS: 9.3 | AI score: 6.5 | EPSS: 0.4743
Exploits: 0 | References: 4
Talos
added 2018/04/11 12:0 a.m. | 45 views

Computerinsel Photoline PCX Run Length Code Execution Vulnerability

Summary A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this...

CVSS: 8.8 | AI score: 8.1 | EPSS: 0.00611
Exploits: 1
RedHat Linux
added 2018/04/10 8:23 p.m. | 3 views

pcs: Debug parameter removal bypass, allowing information disclosure

It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.002
Exploits: 0 | References: 4
OSV
added 2018/04/05 9:29 p.m. | 2 views

CVE-2017-14471

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information,...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.42565
Exploits: 1 | References: 1
Openbugbounty
added 2018/03/31 3:56 p.m. | 13 views

run-down.com XSS vulnerability

Open Bug Bounty ID: OBB-594826 Description| Value ---|--- Affected Website:| run-down.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits: 0
OpenVAS
added 2018/03/23 12:0 a.m. | 41 views

Microsoft Office 2016 Click-to-Run (C2R) Remote Code Execution Vulnerability (Mar 2018)

This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

CVSS: 9.3 | AI score: 8.6 | EPSS: 0.36403
Exploits: 0 | References: 3
OpenVAS
added 2018/03/23 12:0 a.m. | 45 views

Microsoft Office 2016 Click-to-Run (C2R) Security Bypass Vulnerability (Mar 2018)

This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.18388
Exploits: 0 | References: 3
CNVD
added 2018/03/20 12:0 a.m. | 2 views

DEWESoft X3 SP1 Arbitrary Code Execution Vulnerability

DEWESoft X3 SP1 is a device for industrial measurements. A security vulnerability exists in the RunExeFile.exe file in the DEWESoft X3 SP1 64-bit device, which originates when the program requires authentication for a session on TCP port 1999. A remote attacker could exploit the vulnerability to...

CVSS: 10 | AI score: 8 | EPSS: 0.34394
Exploits: 5 | References: 1
OSV
added 2018/03/15 1:29 a.m. | 2 views

CVE-2018-7756

RunExeFile.exe in the installer for DEWESoft X3 SP1 64-bit devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file located at an arbitrary...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.34394
Exploits: 5 | References: 2
OSV
added 2018/03/14 9:29 p.m. | 2 views

DEBIAN-CVE-2017-12194

A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.01485
Exploits: 0 | References: 1
OSV
added 2018/03/14 5:29 p.m. | 4 views

CVE-2018-0903

Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Access Remote Code Execution Vulnerability"...

CVSS: 7.8 | AI score: 6.4 | EPSS: 0.30456
Exploits: 0 | References: 3
vulnersOsv
added 2018/03/13 6:29 p.m. | 2 views

airflow-plugins (=0.1.3), tf-run-manager (>=1.0.0 <=2.1.6) potentially affected by CVE-2018-7750 via paramiko (=2.3.1)

paramiko PYPI version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on paramiko and may be impacted: - airflow-plugins =0.1.3 - tf-run-manager =1.0.0, =2.1.6 Source cves: CVE-2018-7750 Source advisory: OSV:PYSEC-2018-19...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.17687
Exploits: 9
OSV
added 2018/03/12 4:29 a.m. | 2 views

DEBIAN-CVE-2017-18226

The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM cat...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00102
Exploits: 0 | References: 1
Cvelist
added 2018/03/12 4:0 a.m. | 10 views

CVE-2017-18226

The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM cat...

AI score: 6.5 | EPSS: 0.00102
Exploits: 0 | References: 1
0day.today
added 2018/03/12 12:0 a.m. | 49 views

DEWESoft X3 SP1 (64-bit) installer / Remote Internal Command Access Vulnerability

Exploit for windows platform in category remote exploits + Credits: John Page aka hyp3rlinx Vendor: ============= www.dewesoft.com Product: =========== DEWESoft X3 SP1 64-bit installer - X3 DEWESoftFULLX3SP164BIT.exe Vulnerability Type: =================== Remote Internal Command Access CVE...

AI score: 0.4 | EPSS: 0.34394
Exploits: 5
CNVD
added 2018/03/12 12:0 a.m. | 3 views

Underbit libmad Denial of Service Vulnerability

Underbit libmad is an open source MPEG audio decoding library that provides 24-bit PCM output for platforms without floating point support. A security vulnerability exists in the 'maddecoderrun' function of the decoder.c file in Underbit libmad 0.15.1b and earlier versions. A remote attacker can...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00503
Exploits: 3 | References: 1
CNVD
added 2018/02/26 12:0 a.m. | 2 views

Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability

Cisco Data Center Analytics Framework DCAF is a set of data center analytics framework from Cisco. The Cisco Data Center Analytics Framework suffers from a cross-site scripting vulnerability that arises from the program's failure to adequately validate user-submitted input. A remote attacker coul...

CVSS: 6.1 | AI score: 6.6 | EPSS: 0.00235
Exploits: 0 | References: 1