7923 matches found
Design/Logic Flaw
Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
CVE-2017-10825
Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
PowerShell Post-Exploitation Agent: Empire
Empire is a post-exploitation framework that includes a pure-PowerShell 2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent. It is the merge of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptologically-secure communications and a flexible architectur...
CVE-2017-10825
Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
CVE-2017-10825
CVE-2017-10825 affects the Installer of Flets Easy Setup Tool (Ver 1.2.0 and earlier). The underlying issue is an insecure DLL search path (untrusted search path) that allows arbitrary code execution with the privileges of the user invoking the installer when a Trojan horse DLL is present in an u...
Installer of "Flets Easy Setup Tool" may insecurely load Dynamic Link Libraries
Overview: Installer of "Flets Easy Setup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC...
JVN#97243511: Installer of "Flets Easy Setup Tool" may insecurely load Dynamic Link Libraries
Installer of "Flets Easy Setup Tool" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Impact: Arbitrary code may be executed with the privilege of the user invoking the...
Open-Xchange: IDOR - setAttribute action of user object in API
Note: I selected sandbox.open-xchange.com as the asset in HackerOne but this was tested on a local installation. Hello, There appears to be a possible IDOR vulnerability in the following API endpoint for setting custom attributes:...
CVE-2017-7088
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Exchange ActiveSync" component. It allows remote attackers to erase a device in opportunistic circumstances by hijacking a cleartext AutoDiscover V1 session during the setup of an Exchange accoun...
CVE-2017-10303
Vulnerability in the Oracle Interaction Center Intelligence component of Oracle E-Business Suite (subcomponent: Setup). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2017-10303
Vulnerability in the Oracle Interaction Center Intelligence component of Oracle E-Business Suite (subcomponent: Setup). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
Buffer overflow
Vulnerability in the Oracle Interaction Center Intelligence component of Oracle E-Business Suite (subcomponent: Setup). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
Code injection
Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: Setup and Configuration). Supported versions that are affected are 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network...
Oracle E-Business Suite Unauthorized Operation Vulnerability (CNVD-2017-32191)
Oracle E-Business Suite is a set of fully integrated global business management software from the US company Oracle. The software provides customer relationship management, service management, financial management, etc. Oracle Interaction Center Intelligence is one o...
Unspecified Vulnerability in Oracle Advanced Outbound Telephony
Oracle E-Business Suite is a set of Oracle's fully integrated global business management software. Oracle Advanced Outbound Telephony is one of the tools used for outbound call campaign list management and predictive dialing. An unspecified vulnerability exists in the Setup and...
Unspecified Vulnerability in Oracle Advanced Outbound Telephony (CNVD-2017-30897)
Oracle E-Business Suite is a set of Oracle's fully integrated global business management software. Oracle Advanced Outbound Telephony is one of the tools used for outbound call campaign list management and predictive dialing. An unspecified vulnerability exists in the Setup and...
wpa_supplicant: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used Tunneled Direct-Link Setup TDL...
ALPINE-CVE-2017-13086
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames...
CVE-2017-13086
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames...
CVE-2017-13086
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames...