Improper authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
Windows DNS Server Remote Code Execution Vulnerability
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network.
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
Improper authorization in Azure allows an authorized attacker to elevate privileges over a network.
A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code.
Stack-based buffer overflow in Microsoft Fabric Data Warehouse allows an authorized attacker to execute code over a network.
Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.
Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Improper authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.
Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006.
Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network.
Microsoft SharePoint Server Remote Code Execution Vulnerability
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated privileges on the system. IBM X-Force ID: 201300.
Microsoft SharePoint Server Remote Code Execution Vulnerability
A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capable of accessing files on the server.
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.
Missing authentication for critical function in Azure CycleCloud allows an authorized attacker to elevate privileges over a network.
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
Missing authorization in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
Improper neutralization of special elements used in a command ('command injection') in Windows Admin Center allows an authorized attacker to execute code over a network.
Relative path traversal in Windows Admin Center allows an authorized attacker to execute code over a network.
Improper input validation in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Exchange Server allows an authorized attacker to execute code over a network.
Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary code.
Improper authorization in Active Directory Certificate Services (AD CS) allows an authorized attacker to elevate privileges over a network.
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.
Missing authentication for critical function in Windows Server Update Service allows an authorized attacker to elevate privileges over a network.
Incorrect implementation of authentication algorithm in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
Use after free in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges over a network.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Media allows an authorized attacker to elevate privileges over a network.
Heap-based buffer overflow in Windows DHCP Server allows an authorized attacker to execute code over a network.
Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network.
Use after free in DNS Server allows an authorized attacker to execute code over a network.