293 matches found
SRC-2021-0012 : Microsoft Exchange Server ImportTransportRuleCollection ProcessE15Format Remote Code Execution Vulnerability (patch bypass)
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication with the “Records Management” role is required to exploit this vulnerability. The specific flaw exists within the processing of the...
SRC-2021-0013 : Microsoft Exchange Server DlpUtils AddTenantDlpPolicy ruleParameters TOCTOU Remote Code Execution Vulnerability (patch bypass)
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication with the “Data Loss Prevention” role is required to exploit this vulnerability. The specific flaw exists within the processing of the...
SRC-2021-0003 : Microsoft SharePoint Server SPSqlDataSource Information Disclosure Vulnerability (patch bypass)
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the SPSqlDataSource class. The issue results from the lack ...
SRC-2020-0033 : Microsoft Exchange Server ImportTransportRuleCollection ProcessE15Format Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication with the “Records Management” role is required to exploit this vulnerability. The specific flaw exists within the processing of the...
SRC-2021-0008 : NetMotion Mobility Server webrepdb StatusServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of NetMotion Mobility Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the StatusServlet class. The issue results from the lack o...
SRC-2021-0006 : NetMotion Mobility Server RpcServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of NetMotion Mobility Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RpcServlet class. The issue results from the lack of...
SRC-2021-0007 : NetMotion Mobility Server MvcUtil valueStringToObject Deserialization of Untrusted Data Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of NetMotion Mobility Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MvcUtil class. The issue results from the lack of prop...
SRC-2021-0005 : NetMotion Mobility Server SupportRpcServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of NetMotion Mobility Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SupportRpcServlet class. The issue results from the la...
SRC-2021-0019 : Microsoft SharePoint Server ProfilePropertyLoader Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose information on affected installations of Microsoft SharePoint Server. Authentication and user interaction are required to exploit this vulnerability. The specific flaw exists within the ProfilePropertyLoader control. The...
SRC-2021-0018 : Microsoft SharePoint Server OAuth Authorization Code Leak Elevation of Privilege Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to elevate privileges. User interaction is required to exploit this vulnerability. The specific flaw exists in the oauthauthorize page. The issue results from a missing X-Frame-Options header when performing an authorizati...
SRC-2020-0032 : Microsoft Exchange Server DlpUtils AddTenantDlpPolicy Remote Code Execution Vulnerability (patch bypass)
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication with the “Data Loss Prevention” role is required to exploit this vulnerability. The specific flaw exists within the processing of the...
SRC-2022-0004 : Microsoft SharePoint Server SPWebRequest SafeCreate TOCTOU DNS Rebinding Security Feature Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass access IP restrictions on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the SPWebRequest SafeCreate API. The issu...
SRC-2020-0024 : Microsoft SharePoint Server TOCTOU ControlParameter Binding Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the WebPartEditingSurfacePage class. The issue results from the lac...
SRC-2020-0034 : Microsoft SharePoint Server SPSqlDataSource Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the SPSqlDataSource class. The issue results from the lack ...
SRC-2020-0028 : Microsoft SharePoint Server PasswordRecovery Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the PasswordRecovery class. The issue results from the lack...
SRC-2020-0029 : Microsoft SharePoint Server DataFormParameter ParameterBinding Elevation of Privilege Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft SharePoint Server when form based authentication is enabled. Authentication is required to exploit this vulnerability. The specific flaw exists within the Evaluate function...
SRC-2021-0001 : Microsoft SharePoint Server ContentEditorWebPart GetHttpWebResponse Server-Side Request Forgery Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the ContentEditorWebPart class. The issue results from the...
SRC-2020-0023 : Microsoft SharePoint Server SoapDataSource GetResponseString Server-Side Request Forgery Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose information on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the SoapDataSource class. The issue results from the lack of proper...
SRC-2020-0021 : Microsoft SharePoint Server SPHashtagHelper MakeOLSGetRequest Server-Side Request Forgery Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose information and/or escalate privileges under certain conditions. Authentication is required to exploit this vulnerability. The specific flaw exists within the CallOLS function inside of the SPHashtagStoreManager class. The...
SRC-2020-0022 : Microsoft SharePoint Server DataFormWebPart CreateChildControls Server-Side Include Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the DataFormWebPart class. The issue results from the lack of prope...
SRC-2020-0020 : Microsoft SharePoint Server ExchangeAutodiscover GetDataFromURL Blind Server-Side Request Forgery Tampering Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to escalate privileges under certain conditions. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetFreeBusyStatusForOneUser function inside of the AsynchronousWebPartService class. The...
SRC-2020-0026 : Microsoft Exchange Server NewExchangeCertificate WriteRequest File Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication with the “Exchange Server Certificates” role is required to exploit this vulnerability. The specific flaw exists within the processing of the...
SRC-2020-0025 : Microsoft Exchange Server ExportExchangeCertificate WriteCertiricate File Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication with the “Exchange Server Certificates” role is required to exploit this vulnerability. The specific flaw exists within the WriteCertiricate...
SRC-2020-0019 : Microsoft Exchange Server DlpUtils AddTenantDlpPolicy Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication with the “Data Loss Prevention” role is required to exploit this vulnerability. The specific flaw exists within the processing of the...
SRC-2021-0004 : Microsoft Exchange Server msExchEcpCanary Cross Site Request Forgery Elevation of Privilege Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Exchange Server. Authentication and user interaction are required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists with...
SRC-2020-0027 : Microsoft Exchange Server NewExchangeCertificate WriteRequest File Overwrite Denial of Service Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to cause a denial of service against affected installations of Exchange Server. Authentication with the “Exchange Server Certificates” role is required to exploit this vulnerability. The specific flaw exists within the processing o...
SRC-2020-0018 : Adobe Acrobat Reader DC Out-of-Bounds Read Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...
SRC-2020-0017 : Foxit Reader Heap Buffer Overflow Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...
SRC-2020-0031 : Microsoft Exchange Server EWS RouteComplaint ParseComplaintData XML External Entity Processing Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose information on affected installations of Exchange Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of RouteComplaint SOAP requests to the EWS service...
SRC-2020-0030 : Microsoft Exchange Server OWA OneDriveProUtilities GetWacUrl XML External Entity Processing Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose information on affected installations of Exchange Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of GetWacIframeUrlForOneDrive service commands. The issu...
SRC-2020-0015 : Foxit Reader Link Index Out-of-Bounds Read Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...
SRC-2020-0010 : Schneider Electric EcoStruxure Operator Terminal Expert Hardcoded Cryptographic Key Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows local attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Operator Terminal Expert. Local access to project files is required to exploit this vulnerability. The specific flaw exists within the...
SRC-2021-0002 : CSCart templates.manage Server Side Template Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of CSCart. Authentication is required to exploit this vulnerability with the Files privilege. The specific flaw exists within the templates.manage dispatch method. The issue resul...
SRC-2020-0013 : Cisco UCS Director MyCallable call Directory Traversal Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco UCS Director and Cisco UCS Director Express for Big Data. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2020-0012 : Cisco UCS Director CIMCDownloadDiagnosticsReport doFormSubmit Directory Traversal Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco UCS Director and Cisco UCS Director Express for Big Data. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2020-0011 : ManageEngine Desktop Central FileStorage getChartImage Deserialization of Untrusted Data Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine Desktop Central. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileStorage class. The issue results from the la...
SRC-2022-0001 : Zoho ManageEngine Desktop Central StateFilter Arbitrary Forward Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of ManageEngine Desktop Central. Authentication is not required to exploit this vulnerability. The specific flaw exists within the StateFilter class. The issue results from an...
SRC-2020-0007 : Cisco Data Center Network Manager SystemFileDAO deleteFile Directory Traversal Denial of Service Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
SRC-2020-0006 : Cisco Data Center Network Manager PortMapperHandler getPortMappingDataLength SQL Injection Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
SRC-2020-0009 : Cisco Data Center Network Manager SystemFileDAO saveData Directory Traversal Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
SRC-2020-0008 : Cisco Data Center Network Manager SystemFileDAO getFile Directory Traversal Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
SRC-2020-0003 : Cisco Data Center Network Manager SMUJobController getSMUTasks SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
SRC-2020-0002 : Cisco Data Center Network Manager ConfigArchiveRest importConfiguration Directory Traversal Denial of Service Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
SRC-2020-0004 : Cisco Data Center Network Manager SwitchCredentialsHandler deleteCredentials SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
SRC-2020-0005 : Cisco Data Center Network Manager ConfigTemplateHandler getConfigTemplateJobInstance SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
SRC-2020-0001 : Cisco Data Center Network Manager HealthRest sqlCommandAPI Arbitrary SQL Execution Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
SRC-2020-00 : Foxit Reader XObject Stream Uninitialized Object Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...
SRC-2019-0079 : Adobe Acrobat Pro DC Type PostScript File Out-of-Bounds Read Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
SRC-2019-0080 : Adobe Acrobat Pro DC Type PostScript File Type Confusion Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2019-0082 : Adobe Acrobat Pro DC Type PostScript File Type Confusion Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...