38 matches found
CVE-2018-8394
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows...
CVE-2018-0976
A denial of service vulnerability exists in Remote Desktop Protocol RDP when an attacker connects to the target system using RDP and sends specially crafted requests, aka "Windows Remote Desktop Protocol RDP Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows...
April 10, 2018—KB4093115 (Security-only update)
April 10, 2018—KB4093115 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Windows Update and WSUS will offer this update to applicable Windows client and serve...
CVE-2017-0086
CVE-2017-0086 affects the Uniscribe component (usp10.dll) used by Windows GDI drawing paths. The connected details identify the vulnerability as a heap memory corruption in USP10!MergeLigRecords, triggered during font processing (font tables like BASE/GSUB/GPOS/etc.). The Windows products listed ...
Citrix License Server for Windows and License Server VPX Denial of Service Vulnerabilities
Citrix License Server for Windows and License Server VPX are both products of Citrix Systems. The former is a Windows-based authentication server and the latter is an authentication server appliance. A security vulnerability exists in Citrix License Server for Windows versions prior to 11.14.0.1...
CVE-2016-3375
The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through 11, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote attackers to...
CVE-2016-3375
The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through 11, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote attackers to...
Ubiquiti Inc.: UniFi Video Server - Arbitrary file upload as SYSTEM
In UniFi Video Server prior to 3.3.0, due to lack of filename verification, it was possible to upload files to arbitrary locations using a especially crafted HTTP request. The exploit require valid credentials and is only exploitable in the Windows version...
Microsoft Remote Desktop Session Host CVE-2015-2472 Spoofing Vulnerability
Description Microsoft Remote Desktop Session Host is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. Attackers can exploit this issue to spoof and impersonate a legitimate user. Other attacks are also possible. Technologies Affected Microsoft SQL Server 200...
CVE-2014-3523
Memory leak in the winntaccept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service memory consumption via crafted requests...
Mereo Web Server 1.8 - Source Code Disclosure
Mereo Web Server 1.8 - Source Code Disclosure Mereo Web Server v1.8 Multiple Remote Source Code Disclosure Found By: DrIDE Tested On: Windows XPSP3 - Description - Mereo Web Server v1.8 is a Windows based HTTP server. This is the latest version of the application available. Mereo is vulnerable to...
DoS in Plug and Play Web Server Proxy Server
DoS in Plug and Play Web Server Proxy Server ============================== Plug & Play server is a HTTP/FTP/NEWS/MAIL/TELNET/DNS/DHCP/HTTP-PROXY server, running on Windows platforms. Version: 1.0002c -------- Vendor: www.pandpsoft.com ------- Vulnerability: -------------- Sending the following...
Pipe Filename Local Privilege Escalation FAQ
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We have received several inquiries regarding the advisory, "Named Pipe Filename Local Privilege Escalation" that was published by @stake on 07/08/2003. These answers should clarify where the vulnerability actually lies so customers can make informed...
Cisco Secure Access Control Server for Windows Admin Buffer Overflow Vulnerability
...
anhttpd141c_exploit.java
Advisory Information -------------------- Name : AN HTTPD Vendor Homepage : http://www.st.rim.or.jp/nakata/ Platforms : Windows9x/Me/NT/2000/XP Vulnerability Type : stack overflow very easy to exploit Vendor Contacted : 17/10/2002 Vendor Replied : 20/10/2002 Vulnerable Versions : 1.30 to 1.41c No...
Internet Explorer 11 RTM - Non MR
New detectoid for Windows Server 2012 and Windows 8 Embedded with regards to IE11 CU. This det is needed for these two products for IE11 CU since they are not going to be a part of the current IE CU MR logic...
Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP for x64-based Systems (KB2518864)
A security issue has been identified that could allow an attacker to compromise your Windows-based system that is running the Microsoft .NET Framework and gain complete control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you m...
Security Update for Microsoft .NET Framework 3.5 on Windows Server 2003 and Windows XP x86 (KB2416468)
A security issue has been identified that could allow an attacker to compromise your Windows-based system that is running the Microsoft .NET Framework and gain access to information. You can help protect your computer by installing this update from Microsoft. After you install this item, you may...