CVE-2020-7361 ZenTao Pro Command Injection

The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. After authenticating to the ZenTao dashboard, attackers may construct and send arbitrary OS commands via the POST parameter 'path', and those commands will run in an...

The vulnerability of the Windows Diagnostics Execution Service in the Windows operating system allows a perpetrator to elevate their privileges and execute arbitrary code.

The vulnerability of the Windows Diagnostics Execution Service in the Windows operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code using a specially created application...

The vulnerability of the SharedStream library in Windows operating systems allows a perpetrator to elevate their privileges and execute arbitrary code.

The vulnerability of the SharedStream library in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code...

Vulnerability of the Microsoft Graphics component in the Windows operating system, allowing a hacker to execute arbitrary code

The vulnerability of the Microsoft Graphics component in the Windows operating system relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted file...

The vulnerability of AppX Deployment Extensions in Windows operating systems allows attackers to enhance their privileges.

The vulnerability of AppX Deployment Extensions in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges through a specially created application...

The vulnerability of the Windows Jet Database Engine database management system in the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the Windows Jet Database Engine database management system in Windows operating systems is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of the Windows Jet Database Engine database management system in the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the Windows Jet Database Engine database management system in Windows operating systems is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of the UPnP Device Host service for Windows operating systems allows attackers to increase their privileges.

The vulnerability of the UPnP Device Host service for Windows operating systems is related to incorrect handling of objects in memory. Exploiting this vulnerability can allow an attacker to enhance their privileges through a specially created application...

The vulnerability of the DirectWrite programming interface in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the DirectWrite application programming interface in Windows operating systems is related to errors in object handling in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of the diagnostic tool for Mobile Device Management applications, which allows attackers to escalate their privileges.

The vulnerability of the diagnostic tool for Mobile Device Management MDM applications that diagnose Windows operating systems is related to improper handling of files. Exploiting this vulnerability can allow attackers to enhance their privileges through a specially created application...

Microsoft Windows ALPC Elevation of Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. A security vulnerability exists in Microsoft Windows ALPC, which arises from a program tha...

The vulnerability of the System Events Broker component in the Windows operating system allows a hacker to exploit their privileges.

The vulnerability of the System Events Broker component in the Windows operating system is related to errors in file operation handling. Exploiting this vulnerability can allow an attacker to enhance their privileges through a specially created application...

The vulnerability of the Credential Picker component of the Windows operating system, which allows a hacker to escalate their privileges

The vulnerability of the Credential Picker component in the Windows operating system exists due to errors in memory object handling. Exploiting this vulnerability can allow an attacker to enhance their privileges through a specially created application...

The vulnerability of the Local Security Authority Subsystem Service (LSASS) in the Windows operating system allows a perpetrator to trigger a service failure.

The vulnerability of the Local Security Authority Subsystem Service LSASS in the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures through a specially crafted reque...

The vulnerability of the Microsoft Windows USO Core Worker component of the Windows operating system, which allows a hacker to escalate their privileges

The vulnerability of the Microsoft Windows USO Core Worker component of the Windows operating system is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...

Microsoft Windows Storage Service Elevation of Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows Storage Service, which...

Microsoft Remote Desktop Client Remote Code Execution Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. A remote code execution vulnerability exists in the Microsoft Remote Desktop Client, which...

Microsoft Windows Cryptography Next Generation Key Isolation Elevation of Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in the Microsoft Windows CNG Key Isolation...

Vulmap

This is an open-source online local vulnerability scanner project called Vulmap. It consists of online local vulnerability scanning programs for Windows and Linux operating systems. The project is designed to scan installed software on the host, query the Vulmon API for vulnerabilities, and print...

The vulnerability of the Spatial Data component of the Windows operating system, which allows attackers to escalate their privileges

The vulnerability of the Spatial Data component of the Windows operating system is related to errors in object handling in memory. Exploiting this vulnerability can allow an attacker to increase their privileges...