Win32 File Enumeration Remote Code Execution Vulnerability
OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges
Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges over a network.
Azure Site Recovery Remote Code Execution Vulnerability
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 247632.
In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration.
Heap-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.
The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability.
Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability
Windows Remote Desktop Licensing Service Spoofing Vulnerability
JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentController#upload. NOTE: this is unrelated to the attack vector for CVE-2024-32358.
Azure CycleCloud Remote Code Execution Vulnerability
Power BI Report Server Spoofing Vulnerability
Azure Site Recovery Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Remote Registry Service Elevation of Privilege Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network.
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Azure Site Recovery Remote Code Execution Vulnerability
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a malicious binary with potentially higher privileges via a low-privileged user account that abuses the Notifications function. The Notifications function allows for arbitrary binary execution and can be modified by any user. The resulting binary execution will occur in the context of any user running NetWorx. If an attacker modifies the Notifications function to execute a malicious binary, the binary will be executed by every user running NetWorx on that system.
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component.
Azure Site Recovery Remote Code Execution Vulnerability
Azure Site Recovery Remote Code Execution Vulnerability
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Windows Imaging Component Remote Code Execution Vulnerability
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Microsoft SQL Server Elevation of Privilege Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft SQL Server Elevation of Privilege Vulnerability
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
Windows Fax Service Remote Code Execution Vulnerability
Windows IP Routing Management Snapin Remote Code Execution Vulnerability
An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
Azure CycleCloud Elevation of Privilege Vulnerability
Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.
An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network.
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
Microsoft Defender for IoT Remote Code Execution Vulnerability
Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network.
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Microsoft SQL Server Elevation of Privilege Vulnerability