1634 matches found
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability
Microsoft Open Management Infrastructure OMI within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation...
Microsoft Exchange Server Privilege Escalation Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation...
Microsoft Windows Server Buffer Overflow Vulnerability
Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services IIS 6.0 which allows remote attackers to execute code via a long header beginning with "If: http://" in a PROPFIND request...
Microsoft Remote Desktop Services Remote Code Execution Vulnerability
Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The...
Microsoft Windows DNS Server Remote Code Execution Vulnerability
Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed...
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k fails to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode...
Microsoft Windows Privilege Escalation Vulnerability
Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys Winsock handles objects in memory, allowing for privilege escalation. Successful exploitation allows an attacker to execute code with elevated privileges...
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context of the current user...
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the context of the current user...
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execution in the context of the current user...
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain...
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user...
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain...
Microsoft Windows Print Spooler Remote Code Execution Vulnerability
Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution...
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. Successful exploitation allows an attacker to run code in kernel mode...
Microsoft Windows Privilege Common Log File System (CLFS) Escalation Vulnerability
Microsoft Windows Common Log File System CLFS driver improperly handles objects in memory which can allow for privilege escalation...
Microsoft Windows Error Reporting (WER) Privilege Escalation Vulnerability
Microsoft Windows Error Reporting WER contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mode...
Mozilla Firefox And Thunderbird Type Confusion Vulnerability
Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements...
Netis WF2419 Devices Remote Code Execution Vulnerability
Netis WF2419 devices contains an unspecified vulnerability that allows an attacker to perform remote code execution as root through the router's web management page...
Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability
Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI...
Roundcube Webmail File Disclosure Vulnerability
Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default...
SAP NetWeaver Directory Traversal Vulnerability
SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ dot dot backslash in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files...
SolarWinds Orion Authentication Bypass Vulnerability
SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands...
SolarWinds Serv-U Remote Code Execution Vulnerability
SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution...
SonicWall Email Security Path Traversal Vulnerability
SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation...
TeamViewer Desktop Bypass Remote Login Vulnerability
TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt protected information stored in registry or configuration files or decryption of the Unattended...
Trend Micro Multiple Products Content Validation Escape Vulnerability
Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components...
Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability
Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login...
VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability
VMware ESXi and Horizon Desktop as a Service DaaS OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the OpenSLP service to perform remote code execution...
VMware ESXi OpenSLP Use-After-Free Vulnerability
VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution...
VMware vCenter Server Information Disclosure Vulnerability
VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service vmdir when the Platform Services Controller PSC does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to extract sensitive...
VMware vCenter Server Improper Input Validation Vulnerability
VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution...
WordPress File Manager Plugin Remote Code Execution Vulnerability
WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files on a target site...
?
?...