Search Results | AttackerKB

Show filters

Topics 100 Users 9,714

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

100 Total Results

Displaying 61-70 of 100

Attacker Value

Unknown

CVE-2018-12989

Disclosure Date: August 03, 2018 (last updated November 27, 2024)

The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges.

0

Attacker Value

Unknown

CVE-2018-13862

Disclosure Date: July 17, 2018 (last updated November 27, 2024)

Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to login without authorization).

0

Attacker Value

Unknown

CVE-2018-13859

Disclosure Date: July 17, 2018 (last updated November 27, 2024)

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to login without authorization).

0

Attacker Value

Unknown

CVE-2018-13860

Disclosure Date: July 17, 2018 (last updated November 27, 2024)

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=_0" or "?oid=systemUsers&id=_0" GET request.

0

Attacker Value

Unknown

CVE-2018-13858

Disclosure Date: July 17, 2018 (last updated November 27, 2024)

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.

0

Attacker Value

Unknown

CVE-2018-13861

Disclosure Date: July 17, 2018 (last updated November 27, 2024)

Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.

0

Attacker Value

Unknown

CVE-2015-3454

Disclosure Date: September 06, 2017 (last updated November 26, 2024)

TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack.

0

Attacker Value

Unknown

CVE-2017-12443

Disclosure Date: August 17, 2017 (last updated November 26, 2024)

The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.

0

Attacker Value

Unknown

CVE-2017-12444

Disclosure Date: August 17, 2017 (last updated November 26, 2024)

The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.

0

Attacker Value

Unknown

CVE-2017-12442

Disclosure Date: August 17, 2017 (last updated November 26, 2024)

The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.

0