7874 matches found
CVE-2020-15145
CVE-2020-15145 covers privilege-elevation issues in Windows Composer-Setup prior to 6.0.0. Local attackers could: (1) modify the file C:\ProgramData\ComposerSetup\bin\composer.bat to run elevated commands when an admin runs Composer, (2) place a crafted DLL in C:\ProgramData\ComposerSetup...
Microsoft Windows and Microsoft Windows Server Elevation of Privilege Vulnerability (CNVD-2020-48258)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. Windows Setup is a Windows operating system installation program. An elevation of privileg...
The vulnerability of the Setup component in mobile applications of Oracle CRM Gateway for Mobile Devices allows a perpetrator to gain unauthorized access to protected information or to modify, add, or delete data.
The vulnerability of the Setup component in mobile applications belonging to the Oracle CRM Gateway for Mobile Devices is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
CVE-2020-14324
A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out-of-band OS command injection vulnerability can be exploited by an authenticated attacker while setting up a conversion host through the Infrastructure Migration Solution. This flaw allows attacker t...
Windows Setup Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or...
PT-2020-3724 · Microsoft · Windows Setup
Name of the Vulnerable Software and Affected Versions: Windows Setup versions 1803 through 2004. Description: An elevation of privilege issue exists in the way Windows Setup handles permissions, allowing a locally authenticated attacker to run arbitrary code with elevated system privileges. This...
CVE-2020-7817
MyBrowserPlus downloads the files needed to run the program through the setup file Setup.inf. At this time, there is a vulnerability in downloading arbitrary files due to insufficient integrity verification of the files...
KITT-Lite
This is an offensive tool for wireless network exploitation. It is a collection of scripts and tools for various wireless-related tasks, including wireless network scanning, device identification, and password cracking. The toolset includes scripts for tasks such as: Wireless network scanning usi...
The vulnerability of the DBI Setup component of the Oracle E-Business Intelligence application allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the DBI Setup component of the Oracle E-Business Intelligence application is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP protocol...
Permission Manager - A Project That Brings Sanity To Kubernetes RBAC And Users Management, Web UI FTW
Welcome to the Permission Manager! Permission Manager is an application developed by SIGHUP that enables a super-easy and user-friendly RBAC management for Kubernetes. If you are looking for a simple and intuitive way of managing your users within a Kubernetes cluster, this is the right place. Wit...
Mozilla: Automatic account setup leaks Microsoft Exchange login credentials
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...
Important Announcement
ATTENTION: Your vulnerability tests are out of maintenance and not updated since July 1st 2020. Your setup of Greenbone Source Edition will not report about any new threats in your scanned environment since this date! REASON: Your Greenbone setup is connected to a discontinued download protocol o...
RHEL 8 : thunderbird (RHSA-2020:3046)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3046 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.10.0. Security Fixes: Mozilla:...
CVE-2019-12000
HPE has found a potential Remote Access Restriction Bypass in HPE MSE Msg Gw application E-LTU prior to version 3.2 when HTTPS is used between the USSD and an external USSD service logic application. Update to version 3.2 and update the HTTPS configuration as described in the HPE MSE Messaging...
Browsing serverInfo anonymously gives version number information
h3. Issue Summary
Browsing serverInfo anonymously gives version number information
h3. Steps to Reproduce
curl https:///rest/api/2/serverInfo
navigate to https:///rest/api/2/serverInfo in a browser
h3. Expected Results
Fail to connect
h3. Actual Results
The below exception is thrown in the...
CVE-2020-15646
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...