Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php.
Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network.
Microsoft SharePoint Server Information Disclosure Vulnerability
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
An issue was discovered in linqi before 1.4.0.1 on Windows. There is an NTLM hash leak via the /api/Cdn/GetFile and /api/DocumentTemplate/{GUID] endpoints.
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows arbitrary file download and deletion via absolute path traversal in the path parameter.
Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via rabbitmq messages. Users can use the code under the master branch in project repo to fix this issue, we will release the new version as soon as possible.
IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 246333
Windows TCP/IP Information Disclosure Vulnerability
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
Windows TCP/IP Remote Code Execution Vulnerability
Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.
An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products.
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
Windows NFS Portmapper Information Disclosure Vulnerability
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection.
The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694.
Microsoft SQL Server Elevation of Privilege Vulnerability
Microsoft Outlook Elevation of Privilege Vulnerability
Multiple SQL injection vulnerabilities in login.asp (aka the login screen) in LogRover 2.3 and 2.3.3 on Windows allow remote attackers to execute arbitrary SQL commands via the (1) uname and (2) pword parameters. NOTE: some of these details are obtained from third party information.
No exception handling vulnerability which revealed sensitive or excessive information to users.
Priority Windows may allow Command Execution via SQL Injection using an unspecified method.
HTTP Protocol Stack Remote Code Execution Vulnerability
Microsoft Word Remote Code Execution Vulnerability
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.
Windows iSCSI Discovery Service Remote Code Execution Vulnerability
Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
Microsoft Exchange Server Information Disclosure Vulnerability
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
<p>An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides Remote Desktop Protocol (RDP) services.</p> <p>The update addresses the vulnerability by correcting how RDP handles connection requests.</p>
Raw Image Extension Remote Code Execution Vulnerability
Microsoft Outlook Information Disclosure Vulnerability
Raw Image Extension Remote Code Execution Vulnerability
An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/Cdn/GetFile local file inclusion.
Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability
The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Microsoft Defender for Endpoint Security Feature Bypass Vulnerability
Windows Network File System Remote Code Execution Vulnerability
Windows Hyper-V Security Feature Bypass Vulnerability
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter.
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
Raw Image Extension Remote Code Execution Vulnerability