65 matches found
CVE-2018-10905
CloudForms Management Engine cfme is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user...
Microsoft Windows: Network access: Shares that can be accessed anonymously
This security setting determines which network shares can accessed by anonymous users. C Microsoft Corporation 2015. Note: This policy check will report compliance by default if the key is empty or missing. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a...
Microsoft Windows: Accounts: Administrator account status
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winadministratoraccountstatus.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Accounts: Administrator account status WMI Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...
Microsoft Windows 10: Restore files and directories
This security setting determines which users can bypass file, directory, registry, and other persistent object permissions when they restore backed up files and directories, and it determines which users can set valid security principals as the owner of an object. OpenVAS Vulnerability Test $Id:...
Microsoft Windows 10: Modify firmware environment values
This security setting determines who can modify firmware environment values. Firmware environment values are settings that are stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor. On all computers, this user right is required to install or...
Microsoft Windows 10: Replace a process level token
This policy setting determines which parent processes can replace the access token that is associated with a child process. Specifically, the Replace a process level token setting determines which user accounts can call the CreateProcessAsUser application programming interface API so that one...
Microsoft Office: Allow Unsecure Apps, Web add-ins and Catalogs
This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013allowinsecureappscatalogs.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Allow Unsecure Apps and Catalogs Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net...
CVE-2017-7141
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load remote content in messages" setting, and consequently discover an e-mail recipient's IP address, via ...
Design/Logic Flaw
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load remote content in messages" setting, and consequently discover an e-mail recipient's IP address, via ...
The vulnerability of the Flash Player software platform, which allows attackers to compromise the integrity, accessibility, and confidentiality of information.
The vulnerability of the Flash Player software is related to errors in security settings when implementing existing access control policies. Exploiting this vulnerability can allow a malicious actor, operating remotely, to compromise the integrity, accessibility, and confidentiality of informatio...
Enable this New Setting to Secure your Computer from Macro-based Malware
Do you deal with MS Word files on the daily basis? If yes, then are you aware that even opening a simple doc file could compromise your system? It is a matter to think that the virus does not directly affect you, but it is you who let the virus carry out the attack by enabling deadly "Macros" to...
Confluence Security Settings not respected by Confluence Questions
Hi Atlassian team, in our Confluence configuration we set "User email visibility" to "only visible to site administrators" However, we use the Confluence Questions plugin and if we click there on a Contact and "Contact info", the email is displayed even to anonymous users. As I am on vaccation fo...
Dolphin3D 1.52 / 1.60 Command Execution
Dolphin3D web browser ActiveX Remote Command Execution Date: Dez 9 2012 Author: Rh0 Affected Version: Dolphin3D 1.52 and 1.60 Tested on: Windows XP Professional SP3 EN require 'msf/core' class Metasploit3 'Dolphin3D web browser ActiveX Exec', 'Description' = %q This module exploits the default...
Sysax <= 5.60 Create SSL Certificate Buffer Overflow
Exploit for windows platform in category local exploits Title: Sysax Security Settings Configure - Create Certificate - You will get an error, click OK and voila, code execution calc.exe shell32.ll jmp esp 7cb97475...
Microsoft Internet Explorer CSS use-after-free vulnerability
Overview Microsoft Internet Explorer contains a use-after-free vulnerability in the handling of CSS, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Microsoft Internet Explorer contains a vulnerability caused by a use-after-free error within the mshtml.dl...
Disable ActiveX Controls
For a more fine-grained control over what features are allowed in the zone, click the Custom Level button. At this point, you can control the specific security options that apply to the current zone. For example ActiveX can be disabled by selecting Disable for Run ActiveX controls and plug-ins...
Microsoft Internet Explorer iepeers.dll use-after-free vulnerability
Overview Microsoft Internet Explorer contains a use-after-free vulnerability in the iepeers.dll file, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Microsoft Internet Explorer provides support for Web Folders and printing through the use of the...
Microsoft Releases Security Advisory 980088
Microsoft has released Security Advisory 980088 to alert users of a vulnerability in Microsoft Internet Explorer. The advisory indicates that exploitation of this vulnerability may allow an attacker to harvest user credentials and other sensitive information by enticing users to visit a malicious...
DSA-1627-2 opensc - smart card vulnerability
Bulletin has no description...
CVE-2001-1537
The CVE concerns TWIG webmail versions 2.7.4 and earlier where the default 'basic' security setting in config.php stores cleartext usernames and passwords in cookies. This could allow an attacker to obtain authentication information and gain privileges. The PT-2001-2622 entry reiterates the affec...