A Denial of Service exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests.
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege.
An unauthenticated attacker can send a malicious SOAP request to the interface WLS AsyncResponseService to execute code on the vulnerable host.
The attacker must have network access to the Oracle Weblogic Server T3 interface.
The attacker must have network access to the Oracle Weblogic Server T3 interface.
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'.
An unauthenticated attacker can connect to the target system using RDP and sends specially crafted requests to exploit the vulnerability.
This module tries to verify if the vulnerability is present, without deploying an agent.
This module tries to verify if the vulnerability is present, without deploying an agent.
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
The vulnerable is a Local Privilege Escalation in AgentSvc.exe. This service creates a global section object and a corresponding global event that is signaled whenever a process that writes to the shared memory wants the data to be processed by the service. The vulnerability lies in the weak permissions that are affected to both these objects allowing "Everyone" including unprivileged users to manipulate the shared memory and the event.
XMPlay 3.8.3 allows remote attackers to execute arbitrary code via a crafted http:// URL in a .m3u file.
The specific flaw exists within the DHCP Client service. A crafted DHCP packet can trigger an integer underflow before writing to memory.
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via multiple IOCTLs. This update fixes an error in the injection.