Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0957.
Missing authentication for critical function in Azure CycleCloud allows an authorized attacker to elevate privileges over a network.
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
Missing authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
Improper neutralization of special elements used in a command ('command injection') in Windows Admin Center allows an authorized attacker to execute code over a network.
Relative path traversal in Windows Admin Center allows an authorized attacker to execute code over a network.
Improper input validation in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Exchange Server allows an authorized attacker to execute code over a network.
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka "Microsoft SharePoint Server Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint.
Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability." This affects Microsoft Dynamics 365.
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka "Microsoft SharePoint Remote Code Execution Vulnerability." This affects Microsoft SharePoint.
Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges over a network.
The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary code.
Improper authorization in Active Directory Certificate Services (AD CS) allows an authorized attacker to elevate privileges over a network.
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.
Missing authentication for critical function in Windows Server Update Service allows an authorized attacker to elevate privileges over a network.
Incorrect implementation of authentication algorithm in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
Use after free in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges over a network.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Media allows an authorized attacker to elevate privileges over a network.
The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors.
Dynamics Business Central Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows DHCP Server allows an authorized attacker to execute code over a network.
Skype for Business and Lync Remote Code Execution Vulnerability
Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network.
Use after free in DNS Server allows an authorized attacker to execute code over a network.
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
Microsoft Exchange Server Remote Code Execution Vulnerability
Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over a network.
Microsoft SharePoint Server Remote Code Execution Vulnerability
Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network.
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.
Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network.
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK message claiming client_type="constellation" and target_id=<victim-device-id>. The server trusts the role and target values from the wire message rather than enforcing the role registered for that WebSocket connection. As a result, any authenticated WebSocket client with the shared server token can spoof the higher-privilege constellation role and dispatch attacker-controlled tasks to another connected device. The same client registry also allows duplicate client_id registration, overwriting an existing live client's stored websocket, role, and task protocol. This is an authenticated WebSocket role/identity spoofing issue leading to peer task hijacking.
Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.