Lenovo Hit With Criticism Over Second Rootkit-Like Utility
Lenovo is under fire again for installing a covert utility on laptops and desktops that some users have compared to a rootkit. The issue stems from a utility called the Lenovo Service Engine, that is designed to collect some system information and send it to Lenovo at the time the machine connect...
Microsoft Windows Hyper-V Remote Code Execution Vulnerability (3072000)
This host is missing a critical security update according to Microsoft Bulletin MS15-068. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
MS15-068: Vulnerabilities in Windows Hyper-V Could Allow Remote Code Execution (3072000)
The remote Windows host is affected by multiple remote code execution vulnerabilities in Hyper-V : - An error exists in how Hyper-V handles packet size memory initialization in guest virtual machines. An authenticated attacker with access to a guest virtual machine can exploit this by running a...
Buffer overflow
Hyper-V in Microsoft Windows 8.1 and Windows Server 2012 R2 does not properly initialize guest OS system data structures, which allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (buffer overflow) by leveraging guest OS privileges, aka "Hyper-V Buffer Overfl...
Design/Logic Flaw
Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly initialize guest OS system data structures, which allows guest OS users to execute arbitrary code on the host OS by leveraging guest OS privileges, aka "Hyper-V...
CVE-2015-2362
Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly initialize guest OS system data structures, which allows guest OS users to execute arbitrary code on the host OS by leveraging guest OS privileges, aka "Hyper-V...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the libmono-system-data1.0-cil package of the Debian GNU/Linux operating system may lead to violations of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
MTools 3.9.x MFormat Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9746/info It has been reported that mformat is prone to a privilege escalation vulnerability when installed as a setUID application. This issue is due to a design error allowing a user to create any arbitrary files as the...
PT-2014-4538 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified) Description: The issue allows remote authenticated users to read files by sending a crafted URL to the HTTP server, potentially accessing sensitive information suc...
Unencrypted Windows Error Reporting Crash Reports a Treasure
One of the revelations from the latest Snowden document leaks described how the U.S. National Security Agency was able to intercept Microsoft Windows Error Reporting logs in order to fingerprint machines for potential compromise. The German publication Der Spiegel says the documents indicated the NSA...
Empire CMS 7.0 background to get shell-vulnerability warning-the black bar safety net
Empire CMS 7.0 background can upload the mod suffix PHP file and execute inside php code. Into the backgroundit! Method a: system data tables with the system model-management data table and then randomly selected one data table, open the corresponding data table of the "management system model" as...
Microsoft SharePoint Directory Traversal (MS13-024; CVE-2013-0084)
An elevation of privilege exists in Microsoft SharePoint Server. The vulnerability is due to an error in the way Microsoft SharePoint handles specially crafted URLs. A remote attacker may exploit this issue by enticing a target user to open a specially crafted web page. An attacker who successful...
Debian Security Advisory DSA 1767-1 (multipath-tools)
The remote host is missing an update to multipath-tools announced via advisory DSA 1767-1. OpenVAS Vulnerability Test $Id: deb17671.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1767-1 multipath-tools Authors: Thomas Reinke Copyright: Copyright (c) 2009...
Debian: Security Advisory (DSA-1767-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
DSA-1767-1 multipath-tools - denial of service
Bulletin has no description...
CVE-2006-0374
Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which (1) might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-system data, by directly accessing the VxWorks WDB...
NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+
------------------------ NetSec Security Advisory ------------------------ VULNERABILITY DETAILS Name: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+ Impact: HIGH Platform: Apple OS X Darwin = 10.2 Method: Possible unauthorized access to file system data Identifier: 07012005-01...
CVE-2002-2069
PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted...
CVE-1999-1488
sdrd daemon in IBM SP2 System Data Repository (SDR) allows remote attackers to read files without authentication...
PT-1999-1207 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned Description: A WWW server is not running in a restricted file system, such as through a chroot, allowing access to system-critical data. Recommendations: At the moment, there is no information about ...