Microsoft Azure Machine Learning elevation of privilege vulnerability (CNVD-2025-17136)

Microsoft Azure Machine Learning is a machine learning services platform from Microsoft USA. Microsoft Azure Machine Learning has a security vulnerability that can be exploited by an attacker to potentially cause elevation of privilege...

CVE-2019-17136

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Cloud Filter Arbitrary File Creation / Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CVE-2020-1170 Cloud Filter Arbitrary File Creation EOP', 'Description' = %q The Cloud Filter driver, cldflt.sys, on Windows 10 v1803 and later,...

CVE-2020-17136

creationtimestamp| type| source ---|---|--- 2021-01-11 22:23:00+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/cve202017136.rb 2024-10-09 20:01:43+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/2490 2025-02-06...

CVE-2020-17136

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability...

CVE-2020-17136

CVE-2020-17136 concerns the Windows Cloud Files Mini Filter Driver (cldflt.sys) and its Cloud Filter/mini-filter stack. The issue stems from the HsmpOpCreatePlaceholders path where FltCreateFileEx() is called without IO_FORCE_ACCESS_CHECK/OBJ_FORCE_ACCESS_CHECK flags, allowing user-controlled inp...

Microsoft Windows Multiple Vulnerabilities (KB4592449)

This host is missing a critical security update according to Microsoft KB4592449 SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

KB4592449: Windows 10 Version 1903 and Windows 10 Version 1909 December 2020 Security Update

The remote Windows host is missing security update 4592449. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962,...

KB4592446: Windows 10 Version 1803 December 2020 Security Update

The remote Windows host is missing security update 4592446. It is, therefore, affected by multiple vulnerabilities: - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the...

KB4592440: Windows 10 Version 1809 and Windows Server 2019 December 2020 Security Update

The remote Windows host is missing security update 4592440. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962,...

KB4592438: Windows 10 Version 2004 December 2020 Security Update

The remote Windows host is missing security update 4592438. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2020-17095, CVE-2020-17096 - An memor...

CVE-2019-17136

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2019-17136

Foxit PhantomPDF 9.5.0.20723 is affected by a DXF-to-PDF parsing vulnerability. The flaw causes a read past the end of an allocated structure during DXF file conversion, allowing remote code execution in the attacker's context. Exploitation requires user interaction (visiting a malicious page or ...

CVE-2018-17136

CVE-2018-17136 affects ZZCMS v8.3, with a SQL Injection in /user/check.php exploitable via the Client-Ip HTTP header. Root cause is improper handling of the header leading to SQL command injection. Exploitation details are not provided beyond the architectural description; CVSS metrics indicate a...

CVE-2017-17136

PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700...

CVE-2017-17136

The CVE-2017-17136 issue is a heap overflow in Huawei’s PEM module across multiple products (e.g., DP300, IPS, NGFW, S series, USG, ViewPoint, etc.). Root cause: insufficient verification in the PEM processing flow, allowing an authenticated local attacker to crash the process by presenting a cra...

Security Advisory - Multiple Vulnerabilities of PEM Module in Some Huawei Products

There is a null pointer reference vulnerability in PEM module of Huawei products due to insufficient verification. An authenticated local attacker calls PEM decoder with special parameter, which could cause a denial of service. Vulnerability ID: HWPSIRT-2017-06047 This vulnerability has been...

netbusinessrating.com XSS vulnerability

Vulnerable URL: http://netbusinessrating.com/en/?lang=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 23.11.2017 Latest check for patch:| 23.11.2017 21:01 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 17136...