6 matches found
CVE-2020-13534
A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers CLSID, installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger...
CVE-2020-13534
A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers CLSID, installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger...
Privilege escalation
A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers CLSID, installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger...
CVE-2020-13534
A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers CLSID, installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger...
jackson-databind: Serialization gadgets in classes of the xalan package
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
VulnCheck KEV: CVE-2005-2087
Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects...