
3763 matches found

CNVD
added 2018/02/26 12:0 a.m., 2 views

Microsoft Windows Elevation of Privilege Vulnerability (CNVD-2018-05575)

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. AppContainer is one of the runtime environments. An elevation of privilege vulnerability exists in Microsoft Windows. A local attacker can exploit this vulnerability by logging on to the system and...

CVSS 7 | AI score 7 | EPSS 0.0161
Exploits: 3 | References: 1

OSV
added 2018/02/15 2:29 a.m., 1 view

CVE-2018-0851

Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run C2R allow a remote code execution vulnerability, due to how Office handles objects in memory, aka "Microsoft Offi...

CVSS 8.8 | AI score 6.3 | EPSS 0.30543
Exploits: 0 | References: 3

NVD
added 2018/02/15 2:29 a.m., 20 views

CVE-2018-0841

Microsoft Office 2016 Click-to-Run allows a remote code execution vulnerability due to how objects are handled in memory, aka "Office Remote Code Execution Vulnerability"...

CVSS 9.3 | AI score 9 | EPSS 0.36403
Exploits: 0 | References: 3

OSV
added 2018/02/15 2:29 a.m., 1 view

CVE-2018-0841

Microsoft Office 2016 Click-to-Run allows a remote code execution vulnerability due to how objects are handled in memory, aka "Office Remote Code Execution Vulnerability"...

CVSS 8.8 | AI score 6.4 | EPSS 0.36403
Exploits: 0 | References: 3

Prion
added 2018/02/15 2:29 a.m., 24 views

Information disclosure

Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run C2R allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka "Microsoft Office Information Disclosure Vulnerability"...

CVSS 4.3 | AI score 3.8 | EPSS 0.13146
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2018/02/15 2:29 a.m., 28 views

Remote code execution

Microsoft Office 2016 Click-to-Run allows a remote code execution vulnerability due to how objects are handled in memory, aka "Office Remote Code Execution Vulnerability"...

CVSS 9.3 | AI score 8.9 | EPSS 0.36403
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2018/02/15 2:0 a.m., 24 views

CVE-2018-0841

Microsoft Office 2016 Click-to-Run allows a remote code execution vulnerability due to how objects are handled in memory, aka "Office Remote Code Execution Vulnerability"...

AI score 9 | EPSS 0.36403
Exploits: 0 | References: 3

CVE
added 2018/02/15 2:0 a.m., 95 views

CVE-2018-0850

CVE-2018-0850 affects Microsoft Outlook and Office components across Outlook 2007/2010/2013/2016 and Office 2016 Click-to-Run. The root cause is how the format of incoming messages is validated, enabling elevation of privileges when a victim processes a specially crafted email. Connected sources ...

CVSS 6.5 | AI score 7.3 | EPSS 0.16756
Exploits: 0 | References: 3 | Affected Software: 2

CVE
added 2018/02/15 2:0 a.m., 72 views

CVE-2018-0841

CVE-2018-0841 is a remote code execution vulnerability in Microsoft Office 2016 Click-to-Run (C2R) stemming from how Office objects are handled in memory. The NVD entry (and corroborating sources) describe it as a network-exploitable issue with high impact (C/H/I/A all High) and a CVSSv3 base sco...

CVSS 9.3 | AI score 8.8 | EPSS 0.36403
Exploits: 0 | References: 3 | Affected Software: 1

CNVD
added 2018/02/14 12:0 a.m., 1 view

Microsoft Office 2016 Click-to-Run Remote Code Execution Vulnerability

Microsoft Office 2016 Click-to-Run is an office software suite product developed by Microsoft Corporation USA. A remote code execution vulnerability exists in Microsoft Office 2016 Click-to-Run that stems from the program failing to properly handle objects in memory. A remote attacker can exploit...

CVSS 9.3 | AI score 8.4 | EPSS 0.36403
Exploits: 0 | References: 1

Symantec
added 2018/02/13 12:0 a.m., 39 views

Microsoft Excel CVE-2018-0841 Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...

AI score 8.9 | EPSS 0.36403
Exploits: 0 | Affected Software: 1

Symantec
added 2018/02/13 12:0 a.m., 37 views

Microsoft Office CVE-2018-0853 Information Disclosure Vulnerability

Description Microsoft Office is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Office 2010 Service Pack 2 32-bit editions Microsoft Office 2010 Service Pack 2 64-bi...

AI score 4.8 | EPSS 0.13146
Exploits: 0 | References: 1 | Affected Software: 1

Packet Storm
added 2018/02/11 12:0 a.m., 40 views

Juju-run Agent Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Juju-run Agent Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Juju agent systems running the juju-run...

CVSS 10 | AI score 9.2 | EPSS 0.79953
Exploits: 5

CNVD
added 2018/02/08 12:0 a.m., 1 view

Sandstorm Arbitrary File Read Vulnerability

Sandstorm is a personal cloud platform. The platform features file storage, application management, task and project management, and more. A security vulnerability exists in versions prior to Sandstorm build 0.203, which stems from the failure of the 'findFilesToZip' function to filter newline n...

CVSS 6.5 | AI score 6.9 | EPSS 0.00319
Exploits: 1 | References: 1

OpenVAS
added 2018/02/06 12:0 a.m., 24 views

Debian: Security Advisory (DLA-1120-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9 | AI score 8.8 | EPSS 0.06534
Exploits: 0 | References: 3

RedhatCVE
added 2018/01/29 6:22 a.m., 36 views

CVE-2017-1000502

Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only...

CVSS 9.9 | AI score 2.3 | EPSS 0.00674
Exploits: 0 | References: 1

Veracode
added 2018/01/29 1:28 a.m., 17 views

Elevation Of Privileges

speaks is vulnerable to elevation of privileges. Users who have the Job/Configure permission can run Groovy code inside the Jenkins JVM, elevating their privilege to Overall/Run Scripts...

CVSS 8.8 | AI score 8.6 | EPSS 0.00097
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2018/01/26 2:29 a.m., 18 views

CVE-2017-1000403

Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts...

CVSS 8.8 | AI score 8.9
Exploits: 0 | References: 1

OSV
added 2018/01/26 2:29 a.m., 40 views

CVE-2017-1000393

Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was suppose...

CVSS 8.8 | AI score 9
Exploits: 0 | References: 1

NVD
added 2018/01/26 2:29 a.m., 12 views

CVE-2017-1000393

Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was suppose...

CVSS 9 | AI score 8.8 | EPSS 0.01303
Exploits: 0 | References: 1