An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
Server-side request forgery (ssrf) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network.
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.
Microsoft Exchange Server Elevation of Privilege Vulnerability
An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.
Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.
Custom Question Answering Elevation of Privilege Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Microsoft SharePoint Elevation of Privilege Vulnerability
Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non-admin also. Remotely, an attacker can dump all sensitive information including DB Connection string, entire IT infrastructure details, commands executed by IT admin including credentials, secrets, private keys and more.
Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
Active Directory Domain Services Elevation of Privilege Vulnerability
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.
When installed as Windows service MELAG FTP Server 2.2.0.4 is run as SYSTEM user, which grants remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system.
Microsoft Defender for IoT Remote Code Execution Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.
Improper verification of cryptographic signature in Microsoft Azure Functions allows an authorized attacker to execute code over a network.
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
Windows DNS Server Remote Code Execution Vulnerability
An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to exploit the vulnerability.
Improper authorization in Azure allows an authorized attacker to elevate privileges over a network.
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path traversal. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network.
Improper authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.
Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to logon to the product�s management console in order to exploit this vulnerability.
Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22.
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
Windows Print Spooler Remote Code Execution Vulnerability
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially crafted request using the named pluginClassName class, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249516.