U.S. Dept Of Defense: IDOR leading unauthenticated attacker to download documents discloses PII of users and soldiers via https://www.█████████/Download.aspx?id= [HtUS]

The API endpoint at https://www.█████████/Download.aspx?id= was found to be vulnerable to Insecure Direct Object Reference IDOR, allowing an unauthenticated attacker to download sensitive documents containing PII of users and soldiers...

PT-2019-2094

Name of the Vulnerable Software and Affected Versions Microsoft Windows Remote Desktop Services versions prior to patchday of May 2019 Windows 2003 Windows XP Windows Vista Windows 7 Windows Server 2008 Windows Server 2008 R2 Description A remote code execution vulnerability exists in Remote...