5963 matches found

NVD
added 2019/07/28 2:15 p.m., 12 views

CVE-2019-14329

An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code...

6.1 CVSS, 5.9 AI score, 0.00301 EPSS
Exploits 1, References 3
Prion
added 2019/07/28 2:15 p.m., 13 views

Cross site scripting

An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code...

4.3 CVSS, 5.8 AI score, 0.00301 EPSS
Exploits 1, References 3, Affected Software 1
Cvelist
added 2019/07/28 1:46 p.m., 13 views

CVE-2019-14329

An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code...

5.9 AI score, 0.00301 EPSS
Exploits 1, References 3
Packet Storm
added 2019/07/19 12:00 a.m., 216 views

Microsoft Windows Task Scheduler Local Privilege Escalation

Microsoft Windows Task Scheduler local EoP Report by Social Engineering Neo. Affected Platforms: - Microsoft Windows ≤10 Tested On: - Windows 10 build 1809, 1903 & Windows 7 SP1. Tested on the most recent security patch. July 2019 Class: - Improper Authorization - CWE-285. Remote Code Execution...

0.1 AI score
Exploits 0
CNVD
added 2019/07/16 12:00 a.m., 1 view

Realization Concerto Critical Chain Planner SQL Injection Vulnerability

Realization Concerto Critical Chain Planner (CCPM) is a project management software package. A SQL injection vulnerability exists in the taskupdt/taskdetails.aspx web page in Realization CCPM version 5.10.8071. The vulnerability stems from a database-based application that lacks validation of...

9.8 CVSS, 8.2 AI score, 0.06308 EPSS
Exploits 1, References 1
Malwarebytes
added 2019/07/15 2:54 p.m., 105 views

Meet Extenbro, a new DNS-changer Trojan protecting adware

Recently, we uncovered a new DNS-changer called Extenbro that comes with an adware bundler. These DNS-changers block access to security-related sites, so the adware victims can’t download and install security software to get rid of the pests. From our viewpoint, this might be like sending in an...

0.4 AI score
Exploits 0
0day.today
added 2019/07/14 12:00 a.m., 101 views

Microsoft Windows Task Scheduler Privilege Escalation Vulnerability

Microsoft Windows Task Scheduler suffers from a local privilege escalation vulnerability. The Windows MMC auto-elevates members of the 'administrators' group via the GUI and MMC snap-ins via mmc.exe automatically elevate without prompting UAC potentially leading to unintentional elevation of...

0.4 AI score
Exploits 0
OSV
added 2019/07/12 3:15 p.m., 3 views

CVE-2019-13027

Realization Concerto Critical Chain Planner (aka CCPM) 5.10.8071 has SQL Injection in at least the taskupdt/taskdetails.aspx webpage via the projectname parameter...

9.8 CVSS, 7.4 AI score, 0.06308 EPSS
Exploits 1, References 1
BDU FSTEC
added 2019/07/11 12:00 a.m., 2 views

A vulnerability in the SetJobFileSecurityByName function of the Windows Task Scheduler allows a malicious actor to escalate their privileges.

The vulnerability in the SetJobFileSecurityByName function of the Windows Task Scheduler is related to deficiencies in file operation checks. Exploiting this vulnerability can allow an attacker to increase their privileges...

7.8 CVSS, 7.8 AI score, 0.32495 EPSS
Exploits 1, References 4
RedHat Linux
added 2019/07/09 9:45 a.m., 103 views

Moderate: Red Hat Security Advisory: ansible security and bug fix update

An update for ansible is now available for Ansible Engine 2.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

5.5 CVSS, 6.8 AI score, 0.00589 EPSS
Exploits 0, References 3
RedHat Linux
added 2019/07/09 8:50 a.m., 102 views

Moderate: Red Hat Security Advisory: ansible security and bug fix update

An update for ansible is now available for Ansible Engine 2.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

5.5 CVSS, 6.8 AI score, 0.00589 EPSS
Exploits 0, References 3
OSV
added 2019/07/03 7:15 p.m., 4 views

CVE-2019-9873

In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8...

9.8 CVSS, 7.1 AI score, 0.00002 EPSS
Exploits 0, References 1
OSV
added 2019/07/03 7:15 p.m., 1 view

UBUNTU-CVE-2019-9873

In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8...

9.8 CVSS, 7.2 AI score, 0.00002 EPSS
Exploits 0, References 2
Prion
added 2019/07/03 7:15 p.m., 13 views

Design/Logic Flaw

In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8...

5 CVSS, 9.3 AI score, 0.00002 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2019/07/03 6:43 p.m., 23 views

CVE-2019-9873

In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8...

8.5 AI score, 0.00002 EPSS
Exploits 0, References 1
CVE
added 2019/07/03 6:43 p.m., 175 views

CVE-2019-9873

CVE-2019-9873 affects JetBrains IntelliJ IDEA Ultimate. When configuring Task Servers, the IDE could store server credentials in plaintext in its configuration files, exposing sensitive data. The root cause is cleartext storage of secrets in the IDE’s configuration. The issue has been fixed in th...

9.8 CVSS, 9.3 AI score, 0.00002 EPSS
Exploits 0, References 1, Affected Software 1
0day.today
added 2019/06/30 12:00 a.m., 604 views

Windows Escalate UAC Protection Bypass Via SilentCleanup Exploit

There's a task in Windows Task Scheduler called "SilentCleanup" which, while it's executed as Users, automatically runs with elevated privileges. When it runs, it executes the file %windir%\system32\cleanmgr.exe. Since it runs as Users, and we can control user's environment variables, %windir%...

0.7 AI score
Exploits 0
Packet Storm
added 2019/06/28 12:00 a.m., 123 views

Windows Escalate UAC Protection Bypass Via SilentCleanup

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Escalate UAC Protection Bypass Via SilentCleanup', 'Description' = %q There's a task in Windows Task Scheduler called "SilentCleanup"...

0.8 AI score
Exploits 0
Tenable Nessus
added 2019/06/27 12:00 a.m., 57 views

EulerOS 2.0 SP8 : polkit (EulerOS-SA-2019-1656)

According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl...

9 CVSS, 6.9 AI score, 0.59639 EPSS
Exploits 1, References 3
BDU FSTEC
added 2019/06/21 12:00 a.m., 5 views

A vulnerability in the start_TA_task function (at offset 0x137F7C) in the SMC handler of the TEE OS Trusted Core operating system allows a malicious actor to trigger a denial of service in the firmware of the Huawei Mate 9 Pro mobile phone.

The vulnerability in the start_TA_task function at offset 0x137F7C in the SMC handler of the TEE OS Trusted Core operating system, in the firmware of the Huawei Mate 9 Pro mobile phone, is related to the assignment of an untrusted pointer. Exploiting this vulnerability can...

4.9 CVSS, 5.5 AI score
Exploits 0