9 matches found
UBUNTU-CVE-2018-18358
Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file...
New HTTPS URL Leakage Attack Leaves PCs, Macs, Linux Systems Vulnerable
LAS VEGAS — Researchers have found flaws in the Web Proxy AutoDiscovery protocol tied to DHCP and DNS servers that allow hackers spy on HTTPS-protected URLs and launch a myriad of different malicious attacks against Linux, Windows or Mac computers. According to the security firm SafeBreach, this...
Cumulative Update for Windows 10 version 1511 and Windows Server 2016 Technical Preview 4: June 14, 2016
None None...
Cumulative update for Windows 10: June 14, 2016
None None...
Elevation of Privilege Vulnerability Found in Microsoft Windows WPAD Agent
Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows that stems from a program's inability to properly handle certain proxy discovery scenarios using the Web Proxy Autodiscovery WPAD...
Microsoft Windows WPAD Elevation of Privilege Vulnerability
Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in the Web Proxy Autodiscovery WPAD protocol for Microsoft Windows. An attacker could exploit this vulnerability to bypass security checks and obtain...
June 14, 2016 — KB3163017 (OS Build 10240.16942)
None None...
Microsoft Windows DNS Server WPAD Access Validation Vulnerability
Description The Microsoft Windows DNS Server is prone to an access-validation vulnerability because the software fails to properly restrict access when defining WPAD Web Proxy Autodiscovery Protocol entries. An authenticated attacker may exploit this issue to create a WPAD DNS entry. This may aid...
Privilege escalation
The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol WPAD without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet...