Смотрите также связанные темы 04.02.2018 CVE-2009-0062 Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels.
12.04.2018 CVE-2012-2230 Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors, a different vulnerability than CVE-2012-1574.
11.06.2018 Resource 207: Kaspersky Lab Research Proves that Stuxnet and Flame Developers are Connected The discovery of the Flame malware in May 2012 revealed the most complex cyber-weapon to date. At the time of its discovery, there was no strong evidence of Flame being developed by the same team that delivered Stuxnet and Duqu. The approach to the development of Flame and Duqu/Stuxnet was different as well, which lead to the conclusion that these projects were created by separate teams. However, the following in-depth research, conducted by Kaspersky Lab’s experts, reveals that these teams in fact cooperated at least once during the early stages of development.Quick FactsKaspersky Lab discove...
18.03.2018 Honeywell HSC Remote Deployer ActiveX Remote Code Execution ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # http://metasploit.com/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML include Msf::Exploit::EXE def initialize(info={}) super(update_info(info, ...
20.09.2018 CVE-2010-5290 The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read access to the configuration file, a different vulnerability than CVE-2010-2861.
27.02.2018 CVE-2016-2521 Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary.
29.07.2018 Corporate News: Kaspersky Lab to discontinue technical support for version 6.0 home user products Kaspersky Lab, a leading developer of secure content management solutions, announces that technical support for the sixth generation of the company’s IT security products for home users – Kaspersky Anti-Virus 6.0 and Kaspersky Internet Security 6.0 – will be discontinued as of...
05.09.2018 Achieving Enterprise Compliance Validation with SCAP McAfee achieved a milestone last week when Policy Auditor received its Secure Content Automation Protocol (SCAP) Certification as a Federal Desktop Core Configuration (FDCC) Scanner, an Authenticated Configuration Scanner and an Authenticated Vulnerability and Patch Scanner.
What is SCAP and why was achieving a NIST SCAP certification a milestone? First the NIST Security Content Automation Protocol [...]
10.09.2018 CVE-2008-3012 gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corrupt...
20.10.2018 CVE-2008-4635 Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 and earlier, a module for XOOPS, allows remote attackers to obtain sensitive user information via unknown vectors.
|