The vulnerability of the Install component (developed by Dave Gamble/cJSON) in the Oracle TimesTen In-Memory Database application-level database allows a attacker to cause a service failure.

The vulnerability of the Install component developed by Dave Gamble/cJSON in the Oracle TimesTen In-Memory Database, a relational database at the application level, is related to insufficient checking of exceptional states. Exploiting this vulnerability could allow an attacker to cause service...

CVE-2020-16953

An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an attacker would...

PT-2020-4307 · Microsoft · Windows Network Connections +1

Name of the Vulnerable Software and Affected Versions: Windows Network Connections affected versions not specified Description: The issue is related to errors in handling objects in memory by the Windows Network Connections Service, which can allow an attacker to elevate their privileges. A local...

PT-2020-4379 · Microsoft · Sharepoint Server

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: An information disclosure issue exists due to Microsoft SharePoint Server's improper handling of objects in memory. This could allow an attacker to obtain information th...

PT-2020-4386 · Microsoft · Office Access Connectivity Engine

Name of the Vulnerable Software and Affected Versions: Microsoft Office Access Connectivity Engine affected versions not specified Description: A remote code execution issue exists due to the improper handling of objects in memory by the Microsoft Office Access Connectivity Engine. This could all...

PT-2020-4381 · Microsoft · Sharepoint Foundation +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Foundation affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: An information disclosure issue...

PT-2020-4252 · Microsoft · Graphics Components +1

Name of the Vulnerable Software and Affected Versions: Microsoft Graphics Components affected versions not specified Description: A remote code execution issue exists in the way Microsoft Graphics Components handle objects in memory. This could allow an attacker to execute arbitrary code on a...

CVE-2020-1594

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

CVE-2020-1507

An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, a user would have to open a specially...

EUVD-2020-12465

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

Microsoft Excel 2010 RCE and Information Disclosure Vulnerabilities (KB4486665)

This host is missing an important security update according to Microsoft KB4486665 Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

CVE-2020-1505

An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an attacker would...

CVE-2020-1377

An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability...

PT-2020-3798 · Microsoft · Sharepoint Foundation +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Foundation affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: An information disclosure issue...

PT-2020-3823 · Microsoft · Windows State Repository Service +1

Name of the Vulnerable Software and Affected Versions: Windows State Repository Service affected versions not specified Description: An information disclosure issue exists due to the improper handling of objects in memory by the Windows State Repository Service. This could allow an attacker to...

PT-2020-3719 · Microsoft · Graphics Components +1

Name of the Vulnerable Software and Affected Versions: Microsoft Graphics Components affected versions not specified Description: A remote code execution issue exists in the way Microsoft Graphics Components handle objects in memory. An attacker who successfully exploits this issue could execute...

PT-2020-3657 · Microsoft · Windows Kernel Api +1

Name of the Vulnerable Software and Affected Versions: Windows Kernel API affected versions not specified Description: An elevation of privilege issue exists due to the improper handling of registry objects in memory by the Windows Kernel API. This could allow a locally authenticated attacker, wh...

PT-2020-3940 · Microsoft · Windows Jet Database Engine +1

Name of the Vulnerable Software and Affected Versions: Windows Jet Database Engine affected versions not specified Description: A remote code execution issue exists due to the improper handling of objects in memory by the Windows Jet Database Engine. This could allow an attacker to execute...

Chalumeau - Automated, Extendable And Customizable Credential Dumping Tool

Chalumeau is automated,extendable and customizable credential dumping tool based on powershell and python. Main Features Write your own Payloads In-Memory execution Extract Password List Dashboard reporting / Web Interface Parsing Mimikatz Dumping Tickets Screenshots Known Issues Parsing Mimikatz...

The vulnerability of the br.com.anteros.dbcp.AnterosDBCPConfig Java library for JSON file parsing with Jackson-Databind, which allows attackers to cause a service failure.

The vulnerability of the br.com.anteros.dbcp.AnterosDBCPConfig Java library for JSON file parsing involving Jackson-Databind is related to the restoration of unreliable data in memory. Exploiting this vulnerability can allow an attacker to cause service failures remotely...