Blog Posts Tagged with "Privilege Escalation"

1de705dde1cf97450678321cd77853d9

Migrating South: The Devolution Of Security From Security

December 20, 2012 Added by:Ian Tibble

Is the typical security portfolio of system administrators wide enough to form the foundations of an effective information security program? Not really. In fact its some way short. Security Analysts need to have a grasp not only on file system permissions, they need to know how attackers actually elevate privileges...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: GarrettCom Magnum Privilege Escalation

September 04, 2012 Added by:Infosec Island Admin

Successful exploitation of this vulnerability could allow escalation of privileges to full administrative access. The privilege escalation could provide the attacker a vector for making changes to settings, or initiating a complete device shutdown causing a denial of service...

Comments  (0)

B451da363bb08b9a81ceadbadb5133ef

Oracle Security Alert Analysis

August 19, 2012 Added by:Alexander Rothacker

So, what is this new vulnerability all about? It’s a privilege escalation vulnerability that gives an attacker SYSDBA privileges. In order to perform the exploit, one needs to have CREATE TABLE and CREATE PROCEDURE privileges as well as EXECUTE privileges on DBMS_STATS package...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Siemens COMOS Privilege Escalation Vulnerability

August 16, 2012 Added by:Infosec Island Admin

Siemens has reported a privilege escalation vulnerability in the Siemens COMOS database application. Authenticated users with read privileges could escalate their privileges by exploiting this vulnerability. Thus, the attacker is able to gain administrator access to the database...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

Network Security: Presence, Persistence, and Pivoting

August 08, 2012 Added by:Rob Fuller

Explaining what goes through an attackers head when they get a shell is virtually impossible, even more so to generalize into a methodology, but I’ve tried to do that with the "Three P’s of Post Exploitation” - they are in a certain order for a reason, but certainly up to circumstance to what order is best...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: ICONICS GENESIS32 and BizViz Vulnerabilities

August 06, 2012 Added by:Infosec Island Admin

Researchers identified an authentication bypass vulnerability leading to privilege escalation in the ICONICS GENESIS32 and BizViz applications whcih can allow an attacker to bypass normal authentication methods, granting full administrative control over the system...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Apple Releases OS X and Safari Security Updates

May 11, 2012 Added by:Headlines

Apple has released critical security updates for OS X and Safari to address several vulnerabilities which could allow an attacker to obtain sensitive information, execute arbitrary code, escalate privileges, conduct a cross-site scripting attack, or cause a denial-of-service...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: ABB Multiple Components Buffer Overflow

April 11, 2012 Added by:Infosec Island Admin

Researchers have identified a buffer overflow vulnerability in multiple components of the ABB WebWare Server application which could lead to a denial-of-service for the application and privilege escalation or could allow an attacker to execute arbitrary code...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Invensys Wonderware Server Multiple Vulnerabilities

April 04, 2012 Added by:Infosec Island Admin

Researchers have identified multiple vulnerabilities in the Invensys Wonderware Information Server which if exploited could allow denial of service, information disclosure, remote code execution, or session credential high jacking. Invensys has developed a security update...

Comments  (0)

3e35900ae6facc6c146a85c435c71d82

Implementing Least Privilege

March 15, 2012 Added by:Ben Rothke

Least privilege is the notion that in a particular abstraction layer of a computing environment every module - such as a process, a user or a program depending on the subject - must be able to access only the information that is necessary for its legitimate purpose...

Comments  (1)

Fc152e73692bc3c934d248f639d9e963

Examining the Top Ten Database Threats

March 14, 2012 Added by:PCI Guru

Most attacks are perpetrated inside the perimeter, so protection from an inside attack is important. Once an attacker is on the inside, it is easy to use SQL injection or other techniques to obtain data. Organizations are just beginning to understand the insider threat...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Robot Communication Runtime Buffer Overflow

March 05, 2012 Added by:Infosec Island Admin

A buffer overflow vulnerability in the Robot Communication Runtime software used to communicate with IRC5, IRC5C, and IRCP robot controllers could allow an attacker to cause a denial of service and potentially execute remote code with administrator privileges...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

Cisco Released Multiple Security Advisories

March 02, 2012 Added by:Infosec Island Admin

Cisco has released six security advisories this week to address vulnerabilities that may allow an attacker to execute arbitrary code, cause a denial-of-service condition, operate with escalated privileges and bypass security restrictions...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Siemens Simatic WinCC Vulnerabilities

January 31, 2012 Added by:Headlines

Successful exploitation of these vulnerabilities could allow an attacker to log on to a vulnerable system as a user or administrator with the ability to execute arbitrary code or obtain full access to files on the system. Publicly available exploits are known...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: 7T IGSS Graphical SCADA System Vulnerability

January 17, 2012 Added by:Headlines

Researcher Kuang-Chun Hung of ICST has identified an unsafe search path vulnerability. Successful exploitation may allow an attacker using social engineering to execute arbitrary code and gain the same privileges as the user that is currently logged into the system...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Separation of Duties for System Administrators

January 09, 2012 Added by:Rafal Los

How do our organizations treat administrators (more specifically highly privileged users) when they are removed from active duty? It seems that in large organizations the issue is easier to at last draw a line around than in smaller orgs - but the problems remain...

Comments  (1)

Page « < 1 - 2 > »