CVE-2023-45160 Elevated Temp Directory Execution in 1E Client
In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script, by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locke...
CVE-2022-38655 HCL BigFix WebUI is affected by a missing-permission-check vulnerability
BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site...
NVIDIA GPU Display Driver - June 2020 Security Bulletin - Lenovo Support US
Lenovo Security Advisory: LEN-36925 Potential Impact: Privilege escalation, denial of service, information disclosure, code execution, tampering Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2020-5962, CVE-2020-5963, CVE-2020-5964, CVE-2020-5965, CVE-2020-5966, CVE-2020-5967,...
Rockstar Games: Open redirect affecting m.rockstargames.com/
In this report, the researcher identified an open redirect vulnerability on our Support site that impacted m.rockstargames.com, among other subdomains that were no longer actively being maintained. By addressing the problem on the Support site, we were able to prevent it from being further...
New Relic: GET request to accounts.json on support site leaks the root account license key and the browser license key to a restricted user
Overview As a restricted user, you cannot view the main account license key. If you are logged into your restricted user account, and visit https://support.newrelic.com/, when you attempt to create a ticket the root account license key will be exposed in the request. Steps to Reproduce 1. From a...
Rockstar Games: stored XSS (angular injection) in support.rockstargames.com using zendesk register form via name parameter
In this report, the researcher discovered that registering for our Support site using the Zendesk Registration Form allowed for entering an AngularJS Template Injection payload as the Username. This could have allowed an attacker to perform Stored XSS attacks or similar. We deployed a fix for thi...
Rockstar Games: Your support community suffers from angularjs injection and must be fixed immediately [CRITICAL]
In this report, the researcher found that due to our implementation of AngularJS on our Support site, we were susceptible to limited-scope code injection attacks. Particularly, they found that by injecting ... blocks in the comment body parameter, they were able to cause errors that could be...
Rockstar Games: Client-side Template Injection in Search, user email/token leak and maybe sandbox escape
In this report, the researcher was able to perform AngularJS Template Injection on our Support site in order to retrieve data, including email address, userid and tokens. Typically, a user is always able to retrieve this information about themselves and on its own, this is known behavior. However...
Rockstar Games: Stored XSS on support.rockstargames.com
In this report, the researcher was able to demonstrate a proof-of-concept exploit for a Stored XSS vulnerability on our Support site at support.rockstargames.com. The POC consisted of two parts; the setup and the trigger. The setup required entering a particular XSS payload in the Title for a new...
Lenovo Nerve Center for Desktops Privilege Escalation - Lenovo Support US
No description provided...
NVIDIA Linux GPU Display Driver contains missing permissions check and improper validation vulnerabilities - us
Lenovo Security Advisory: LEN-10962 Potential Impact: Privilege escalation Severity: Medium Scope of Impact: Industry-Wide CVE Identifier: CVE-2016-7382, CVE-2016-7389 Summary Description: The NVIDIA GPU Display Driver for Linux contains two privilege escalation vulnerabilities. CVE-2016-7382...
OWOX, Inc.: Broken Authentication & Session Management (Login Bypass) at support.owox.com
Hello Team, While I was testing your Web Application OWOX, I came to know that https://support.owox.com/ is vulnerable to a "Broken Authentication & Session Management Vulnerability" and it is possible to bypass the login very easily. When the user logs in with his credentials via a Gmail account, he...
Local Privilege Escalation or Denial of Service via the Intel® Graphics Driver
Lenovo Security Advisory: LEN-7484 Potential Impact: Local privilege escalation or denial of service Severity: High Scope of Impact: Industry-Wide CVE Identifier: CVE-2016-5647 Summary Description: Multiple potential vulnerabilities exist in the Intel® Graphics Driver for Microsoft Windows. These...
HackerOne: Weak HSTS age in support hackerone site
Send this request: GET https://support.hackerone.com HTTP/1.1 Connection: keep-alive Accept: application/json, text/javascript, /; q=0.01 X-Requested-With: XMLHttpRequest Content-Length: 0 User-Agent: Jakarta Commons-HttpClient/3.1 Host: support.hackerone.com Response header: HTTP/1.1 200 OK...
ESA-2015-106: EMC Unified Infrastructure Manager/Provisioning (UIM/P) Authentication Bypass Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-106: EMC Unified Infrastructure Manager/Provisioning UIM/P Authentication Bypass Vulnerability EMC Identifier: ESA-2015-106 CVE Identifier: CVE-2015-0546 Severity Rating: CVSS v2 Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C Affected products: ...
Gaming Mouse-Maker Razer Hit With Infected Firmware
Gamers trying to update their mouse or keyboard drivers from accessory maker Razer USA’s Web site recently may have gotten more than they bargained for. According to the IDG News Service, the company’s computers appear to have been hacked, and its support site used to spread malicious Trojan hors...
ROS-2-2353
2.2353 Notice of Update for RED OS Operating System RU.29926343.02.01-25 REDO SOFT LLC announces that the testing process for RED OS 8 has been completed, and the certified distribution version of RED OS 8 is now available. If you have questions regarding the purchase of a new installation kit...