Lucene search
K

65 matches found

Cvelist
Cvelist
added 2018/07/24 1:0 p.m.57 views

CVE-2018-10905

CloudForms Management Engine cfme is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user...

7.8CVSS7.4AI score0.00474EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2018/06/11 12:0 a.m.110 views

Microsoft Windows: Network access: Shares that can be accessed anonymously

This security setting determines which network shares can accessed by anonymous users. C Microsoft Corporation 2015. Note: This policy check will report compliance by default if the key is empty or missing. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a...

7.4AI score
Exploits0References5
OpenVAS
OpenVAS
added 2018/05/04 12:0 a.m.10 views

Microsoft Windows: Accounts: Administrator account status

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winadministratoraccountstatus.nasl 11532 2018-09-21 19:07:30Z cfischer $ Check value for Accounts: Administrator account status WMI Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2018/04/30 12:0 a.m.10 views

Microsoft Windows 10: Restore files and directories

This security setting determines which users can bypass file, directory, registry, and other persistent object permissions when they restore backed up files and directories, and it determines which users can set valid security principals as the owner of an object. OpenVAS Vulnerability Test $Id:...

7.5AI score
Exploits0
OpenVAS
OpenVAS
added 2018/04/30 12:0 a.m.32 views

Microsoft Windows 10: Modify firmware environment values

This security setting determines who can modify firmware environment values. Firmware environment values are settings that are stored in the nonvolatile RAM of non-x86-based computers. The effect of the setting depends on the processor. On all computers, this user right is required to install or...

7.2AI score
Exploits0
OpenVAS
OpenVAS
added 2018/04/30 12:0 a.m.40 views

Microsoft Windows 10: Replace a process level token

This policy setting determines which parent processes can replace the access token that is associated with a child process. Specifically, the Replace a process level token setting determines which user accounts can call the CreateProcessAsUser application programming interface API so that one...

7.2AI score
Exploits0
OpenVAS
OpenVAS
added 2018/04/17 12:0 a.m.10 views

Microsoft Office: Allow Unsecure Apps, Web add-ins and Catalogs

This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013allowinsecureappscatalogs.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Allow Unsecure Apps and Catalogs Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net...

7.3AI score
Exploits0
NVD
NVD
added 2017/10/23 1:29 a.m.18 views

CVE-2017-7141

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load remote content in messages" setting, and consequently discover an e-mail recipient's IP address, via ...

5.3CVSS4.5AI score0.015EPSS
Exploits0References3
Prion
Prion
added 2017/10/23 1:29 a.m.18 views

Design/Logic Flaw

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load remote content in messages" setting, and consequently discover an e-mail recipient's IP address, via ...

5CVSS4.5AI score0.015EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/01/13 12:0 a.m.6 views

The vulnerability of the Flash Player software platform, which allows attackers to compromise the integrity, accessibility, and confidentiality of information.

The vulnerability of the Flash Player software is related to errors in security settings when implementing existing access control policies. Exploiting this vulnerability can allow a malicious actor, operating remotely, to compromise the integrity, accessibility, and confidentiality of informatio...

7.5CVSS7.6AI score0.04628EPSS
Exploits0References3Affected Software2
The Hacker News
The Hacker News
added 2016/03/30 8:27 p.m.14 views

Enable this New Setting to Secure your Computer from Macro-based Malware

Do you deal with MS Word files on the daily basis? If yes, then are you aware that even opening a simple doc file could compromise your system? It is a matter to think that the virus does not directly affect you, but it is you who let the virus carry out the attack by enabling deadly "Macros" to...

6.8AI score
Exploits0
Atlassian
Atlassian
added 2014/10/01 2:52 p.m.17 views

Confluence Security Settings not respected by Confluence Questions

Hi Atlassian team, in our Confluence configuration we set "User email visibility" to "only visible to site administrators" However, we use the Confluence Questions plugin and if we click there on a Contact and "Contact info", the email is displayed even to anonymous users. As I am on vaccation fo...

1.7AI score
Exploits0Affected Software1
Packet Storm
Packet Storm
added 2012/12/09 12:0 a.m.16 views

Dolphin3D 1.52 / 1.60 Command Execution

Dolphin3D web browser ActiveX Remote Command Execution Date: Dez 9 2012 Author: Rh0 Affected Version: Dolphin3D 1.52 and 1.60 Tested on: Windows XP Professional SP3 EN require 'msf/core' class Metasploit3 'Dolphin3D web browser ActiveX Exec', 'Description' = %q This module exploits the default...

7.4AI score
Exploits0
0day.today
0day.today
added 2012/06/04 12:0 a.m.19 views

Sysax <= 5.60 Create SSL Certificate Buffer Overflow

Exploit for windows platform in category local exploits Title: Sysax Security Settings Configure - Create Certificate - You will get an error, click OK and voila, code execution calc.exe shell32.ll jmp esp 7cb97475...

6.8AI score
Exploits0
CERT
CERT
added 2010/12/13 12:0 a.m.256 views

Microsoft Internet Explorer CSS use-after-free vulnerability

Overview Microsoft Internet Explorer contains a use-after-free vulnerability in the handling of CSS, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Microsoft Internet Explorer contains a vulnerability caused by a use-after-free error within the mshtml.dl...

9.3CVSS6.5AI score0.81663EPSS
Exploits9References8
ThreatPost
ThreatPost
added 2010/05/17 6:46 p.m.11 views

Disable ActiveX Controls

For a more fine-grained control over what features are allowed in the zone, click the Custom Level button. At this point, you can control the specific security options that apply to the current zone. For example ActiveX can be disabled by selecting Disable for Run ActiveX controls and plug-ins...

1.4AI score
Exploits0
CERT
CERT
added 2010/03/09 12:0 a.m.44 views

Microsoft Internet Explorer iepeers.dll use-after-free vulnerability

Overview Microsoft Internet Explorer contains a use-after-free vulnerability in the iepeers.dll file, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Microsoft Internet Explorer provides support for Web Folders and printing through the use of the...

9.3CVSS6.5AI score0.82172EPSS
Exploits15References3
CISA
CISA
added 2010/02/03 12:0 a.m.9 views

Microsoft Releases Security Advisory 980088

Microsoft has released Security Advisory 980088 to alert users of a vulnerability in Microsoft Internet Explorer. The advisory indicates that exploitation of this vulnerability may allow an attacker to harvest user credentials and other sensitive information by enticing users to visit a malicious...

6.2AI score
Exploits0References2
OSV
OSV
added 2008/08/04 12:0 a.m.14 views

DSA-1627-2 opensc - smart card vulnerability

Bulletin has no description...

6.6CVSS6.3AI score0.00393EPSS
Exploits1
CVE
CVE
added 2005/07/14 4:0 a.m.58 views

CVE-2001-1537

The CVE concerns TWIG webmail versions 2.7.4 and earlier where the default 'basic' security setting in config.php stores cleartext usernames and passwords in cookies. This could allow an attacker to obtain authentication information and gain privileges. The PT-2001-2622 entry reiterates the affec...

7.5CVSS7.2AI score0.01115EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder