134 matches found
CVE-2019-3906
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents...
Description of Preview of Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012 (KB 4467086)
Description of Preview of Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012 KB 4467086 Applies to: Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6.1, Microsoft .NET Framework 4.6.2, Microsoft .NET Framework 4.7, Microsoft .NET Framework...
CVE-2018-13101
KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. The exposed methods allow read and write access to the Windows registry and control of services. These methods may be abused to achieve privilege escalation via executio...
Privilege escalation
KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. The exposed methods allow read and write access to the Windows registry and control of services. These methods may be abused to achieve privilege escalation via executio...
CVE-2018-13101
KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 has a privilege escalation flaw in the WCF endpoint. The exposed methods allow read/write access to the Windows registry and control of services, which attackers could abuse to escalate privileges via execution of attacker-controlled binari...
CVE-2018-13101
KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. The exposed methods allow read and write access to the Windows registry and control of services. These methods may be abused to achieve privilege escalation via executio...
Windows: Dolby Audio X2 Service EoP (CVE-2017-7293)
Windows: Dolby Audio X2 Service Elevation of Privilege Platform: Windows 10 + Realtek Audio Driver version 6.0.1.7898 on a Lenovo P50. Version of the service binary 0.7.2.61 built on 7/18/2016. Class: Elevation of Privilege Summary: The DAX2API service installed as part of the Realtek Audio Drive...
Windows 10 Realtek Audio Driver 6.0.1.7898 - Dolby Audio X2 Service Privilege Escalation Vulnerabili
The DAX2API service installed as part of the Realtek Audio Driver on Windows 10 is vulnerable to a privilege escalation vulnerability which allows a normal user to get arbitrary system privileges. Windows: Dolby Audio X2 Service EoP CVE-2017-7293 Windows: Dolby Audio X2 Service Elevation of...
Realtek Audio Driver 6.0.1.7898 (Windows 10) - Dolby Audio X2 Service Privilege Escalation
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1075 Windows: Dolby Audio X2 Service Elevation of Privilege Platform: Windows 10 + Realtek Audio Driver version 6.0.1.7898 on a Lenovo P50. Version of the service binary 0.7.2.61 built on 7/18/2016. Class: Elevation of Privilege...
SAML logons fail on replicated Storefront Server
SAML enabled logons via Storefront configured and working on one SF3.0 server. When trying to setup a second one and after joining it to the server group we get "cannot log on using smart card". If we uninstall SF from that server and reinstall and configure it manually do not add it to the serve...
VideoCharge Software Watermark Master (CVE-2013-6935)
A stack based buffer overflow vulnerability was found in Watermark Master 2.2.23. The vulnerability is due to an error when Watermark Master improperly handles a specially crafted WCF file. Remote attackers can exploit this vulnerability and execute arbitrary code on the target machine by enticin...
联想 ThinkVantage System Update 软件 UNCServer.exe 后门漏洞
文章作者: DannyWei@腾讯玄武实验室 参考来源: http://drops.wooyun.org/papers/10231 原文标题: 一个PC上的 "WormHole" 漏洞 前言 --- 最近安全界关注的焦点 WormHole 是一类不安全的开发习惯所导致的,在 PC 上类似问题也毫不罕见,只不过很多风险被微软默认自带的防火墙缓解了。希望本文和众多关于 WormHole 的讨论能获多或少地提高一些开发人员的安全意识。 下面要介绍的问题可导致的后果和 WormHole 非常类似:影响上亿用户、访问一个端口发送一条指令就可以让目标系统下载一个程序并执行。...
Mail.ru: [allods.my.com] Full SQL Disclosure
Уязвимость имеет ту же природу, что и в 96729 и в 96727. Уязвимость возникает вследствие чтения ошибок через включенный Debug-режим. И там, и там - раскрытие информации за счёт debug-режима. Но для того, что бы раскрыть SQL запрос необходимо произвести Stress-тест многочисленными запросами любой...
CVE-2014-5286
The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveMatrix Policy Agent 3.x before 3.1.2, ActiveMatrix Policy Manager 3.x before 3.1.2, ActiveMatrix Management Agent 1.x before 1.2.1 for WCF, and ActiveMatrix Management Agent 1.x before 1.2.1 for WebSphere allows remote attackers...
Watermark Master 2.2.23 - Buffer Overflow (SEH)
No description provided by source. !/usr/bin/python Exploit Title:Watermark Master Buffer Overflow SEH Date found: 31.10.2013 Exploit Author: metacom URL:http://www.videocharge.com/download.php Software Link:www.videocharge.com/download/WatermarkMasterInstall.exe Version: 2.2.23 Vulnerable...
CVE-2013-6935
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file...
Buffer overflow
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file...
CVE-2013-6935
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file...
Microsoft .NET Framework 身份验证绕过漏洞(CVE-2013-1337)(MS13-040)
BUGTRAQ ID: 59790 CVECAN ID: CVE-2013-1337 .NET就是微软的用来实现XML,Web Services,SOA(面向服务的体系结构service-oriented architecture)和敏捷性的技术。.NET Framework是微软开发的软件框架,主要运行在Microsoft Windows上。 当设置自定义 WCF 终结点身份验证时,Microsoft .NET Framework...
Authentication flaw
Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation WCF endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka...