Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.

Windows Network File System Remote Code Execution Vulnerability

DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."

The vulnerability causing from insufficient verification procedures for downloaded files during WebCube update. Remote attackers can bypass this verification logic to update both digitally signed and unauthorized files, enabling remote code execution.

Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

Microsoft SQL Server Elevation of Privilege Vulnerability

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Multiple directory traversal vulnerabilities in (1) languages/Language.php and (2) includes/StubObject.php in MediaWiki 1.8.0 and other versions before 1.16.2, when running on Windows and possibly Novell Netware, allow remote attackers to include and execute arbitrary local PHP files via vectors related to a crafted language file and the Language::factory function.

The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the headers of WSD messages, which allows remote attackers to execute arbitrary code via a crafted (1) message or (2) response, aka "Web Services on Devices API Memory Corruption Vulnerability."

An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network.

Remote code execution vulnerability due to insufficient user privilege verification in reverseWall-MDS. Remote attackers can exploit the vulnerability such as stealing account, through remote code execution.

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

Microsoft SharePoint Server Elevation of Privilege Vulnerability

An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus component. NOTE: Heimdal argues that the limitation described here is a Microsoft Windows issue, not a Heimdal specific vulnerability. The USB control solution by Heimdal is meant to manage Microsoft Windows native USB restrictions. They maintain that their solution functions as a management layer over Windows settings and is not to blame for limitations in Windows' detection capabilities.

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface.

CLTPHP <=6.0 is vulnerable to Improper Input Validation.

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface.

In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.

In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).

Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability

The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.

An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via DarkLayer Guard threat prevention module. NOTE: Heimdal disputes the validity of this issue arguing that their DNS Security for Endpoint filters DNS traffic on the endpoint by intercepting system-generated DNS requests. The product was not designed to intercept DNS requests from third-party solutions.

awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname.

A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281.

The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."

In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325.

Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows remote attackers to execute arbitrary code via unknown vectors.

A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.

An authenticated attacker can exploit an untrusted search path vulnerability in Microsoft Dataverse to execute code over a network.

Unspecified vulnerability in HP Insight Orchestration for Windows before 6.1 allows remote attackers to read or modify data via unknown vectors.

Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php.

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows arbitrary file download and deletion via absolute path traversal in the path parameter.

Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via rabbitmq messages. Users can use the code under the master branch in project repo to fix this issue, we will release the new version as soon as possible.