CVE-2020-1439

A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'...

CVE-2020-1147

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'...

CVE-2020-1147

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'...

.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible...

PerformancePoint Services Remote Code Execution Vulnerability

A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for...

Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008 SP2 (KB4566469)

Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008 SP2 KB4566469 Notice Revised 6/8/2021 On June 8th, 2021, this update was released to replace a previous update to address a “revocation server was offline” error that may occur during installation. If you've...

PT-2020-3077

Name of the Vulnerable Software and Affected Versions .NET Framework versions prior to the fixed version Microsoft SharePoint versions prior to the fixed version Visual Studio versions prior to the fixed version Description A remote code execution issue exists due to the software's failure to...

Security Updates for Microsoft .NET Framework (July 2020)

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : - A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the...

CVE-2020-1147

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka ‘.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability’. Recent assessments:...

Security Update for .NET Core (July 2020)

The Microsoft .NET Core installation on the remote host is version 2.1.x 2.1.20 or 3.1.x 3.1.6. It is, therefore, affected by a remote code execution RCE vulnerability due to failing to check the source markup of XML file input. An unauthenticated, remote attacker can exploit this, by issuing...

Cisco Enterprise NFV Infrastructure Software Cross-Site Scripting Vulnerability

Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A cross-site scripting vulnerability exists in the Web portal framework of...

Microsoft Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability

Team Foundation Server is a Microsoft product that provides source code management, reporting, requirements management, project management, automated build, lab management, testing, and release management capabilities. Azure DevOps Server, formerly known as Team Foundation Server TFS, is a locall...

CVE-2019-2105

In FileInputStream::Read of fileinputstream.cc, there is a possible memory corruption due to uninitialized data. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android...

CVE-2019-1893

A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system OS of an affected device as root. The vulnerability is due to insufficient input validation of a configuration file...

CVE-2019-12099

In PHP-Fusion 9.03.00, editprofile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/formfileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload...

CVE-2018-20778

admin/?/plugin/filemanager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element...

CVE-2019-1000016

FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbsav1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in...

CVE-2018-18987

VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to known memory locations. This may cause the program to crash or allow remote code execution...

TOOL UPDATE: Cameradar v2.1.0

PenTestIT RSS Feed My initial post covering this open source Real Time Streaming Protocol RTSP surveillance camera access multi-tool was about an older version - Cameradar v2.0.0. A lot has happened since then and an update – Cameradar v2.1.0 was made available by the author. This version comes...

CVE-2018-1000223

SoundStretch command-line utility packaged with SoundTouch library is vulnerable to heap-based buffer overflow in WavFile.cpp:WavInFile::readHeaderBlock function that can lead to arbitrary code execution when processing untrusted file input...