EUVD-2020-8913
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges. To exploit this vulnerability, an attacker would need to convince a user to open a...
CVE-2020-16934 Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
CVE-2020-16934
The CVE-2020-16934 issue affects Microsoft Office Click-to-Run (C2R) AppVLP, where elevation of privilege arises from how certain files are handled in memory. An attacker could exploit this by convincing a user to open a specially crafted file, potentially elevating privileges. Microsoft’s securi...
CVE-2020-16928 Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
CVE-2020-16928
This CVE concerns Microsoft Office Click-to-Run (C2R) AppVLP, where an elevation of privilege occurs when processing certain files. Exploitation requires users to open a specially crafted file; the vulnerability is addressed by a security update that corrects how C2R components handle such files....
HackBrowserData - Decrypt Passwords/Cookies/History/Bookmarks From The Browser
hack-browser-data is an open-source tool that could help you decrypt data (passwords / bookmarks / cookies / history) from the browser. It supports the most popular browsers on the market and runs on Windows, macOS and Linux. Supported Browser Windows Browser | Password | Cookie | Bookmark | Histor...
Code injection
SAP Solution Manager and SAP Focused Run update provided in WILYINTROENTERPRISE 9.7, 10.1, 10.5, 10.7, allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager, leading to Code Injection...
CVE-2020-6364
CVE-2020-6364 affects SAP Solution Manager and SAP Focused Run. Exploitation allows an attacker to modify a cookie to execute OS commands, potentially gaining control of the host running CA Introscope Enterprise Manager and causing code injection, with read/modify of system files and impact to av...
CVE-2020-6364 — OS Command Injection Vulnerability in CA Introscope Enterprise Manager (Affected Products: SAP Solution Manager and SAP Focused Run)
SAP Solution Manager and SAP Focused Run update provided in WILYINTROENTERPRISE 9.7, 10.1, 10.5, 10.7, allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager, leading to Code Injection...
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Oct 2020)
This host is missing a critical security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges. To exploit this vulnerability, an attacker would need to convince a user to open a...
PT-2020-4280 · Microsoft · Office Click-To-Run
Name of the Vulnerable Software and Affected Versions: Microsoft Office Click-to-Run (C2R) (affected versions not specified). Description: The issue is related to errors in handling objects in memory, which can allow an attacker to elevate their privileges. To exploit this, an attacker would need to...
PT-2020-4318 · Microsoft · Office Click-To-Run
Name of the Vulnerable Software and Affected Versions: Microsoft Office Click-to-Run (C2R) (affected versions not specified). Description: The issue is related to the handling of certain files by Microsoft Office Click-to-Run (C2R) AppVLP, which can lead to an elevation of privilege. An attacker would...
PT-2020-4380 · Microsoft · Office Click-To-Run
Name of the Vulnerable Software and Affected Versions: Microsoft Office Click-to-Run (C2R) (affected versions not specified). Description: The issue is related to errors in handling objects in memory within the Microsoft Office Click-to-Run (C2R) component. It allows an attacker to elevate their...
run-wide.com Cross Site Scripting vulnerability OBB-1396116
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Denial of Service Vulnerability in Schneider PLC-M340
The Schneider-Electric M340 PLC is a high performance and stable controller for a wide range of industrial control applications. A denial of service vulnerability exists in the Schneider PLC-M340, which can be exploited by an attacker to cause the device's CPU RUN light to go out, the CPU module,...
Oracle Linux 7 : pcp (ELSA-2020-3869)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3869 advisory. 4.3.2-12 - Fix pcp-atop dynamic memory initialization issues BZ 1818710 4.3.2-8 - Fix rpm %post privilege escalation CVEs BZs 1815249, 1815528 - Resolv...
PT-2020-6177 · Linux +8 · Linux +8
Name of the Vulnerable Software and Affected Versions: Linux (affected versions not specified). Description: A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. This issue allows a local user to increase their privileges to that of a running kernel on a...