Microsoft Exchange suffers from an open redirect vulnerability.
50d79a092d794c779a0fa7f12fdb4853
Microsoft SQL Server Management Studio versions 17.9 and 18.0 Preview 4 suffer from an xmla filetype XML external entity injection vulnerability.
f8fb22312550cc368dc913351a5406a8
Microsoft SQL Server Management Studio versions 17.9 and 18.0 Preview 4 suffer from an xel filetype XML external entity injection vulnerability.
0fb594060e86354cefaa3a12ba2181d5
Microsoft SQL Server Management Studio versions 17.9 and 18.0 Preview 4 suffer from a REGSRVR filehandling XML external entity injection vulnerability.
bc7e26312d98457aeac3779548aee6d7
Rollup 18 for Microsoft Exchange Server 2010 SP3 suffers from a server-side request forgery vulnerability.
de9cfc08b86ceb9f798df8ea03404c6d
Microsoft Baseline Security Analyzer version 2.3 suffers from an XML external entity injection vulnerability.
7224f7e70a591fdfca03428610d0453c
This whitepaper analyzes a privilege escalation vulnerability in the Microsoft .NET framework as noted in MS15-118.
4a014224fc35bfb528ae5d4ebe710d2d
The Microsoft DirectX SDK "Xact3.exe" cross-platform tool allows for arbitrary code execution via a trojan horse file "xbdm.dll" in the current working directory, upon opening a ".xap" project file from the same location.
d7f1056ce3aa140ad0e115c7bf50b3c0
Microsoft's dnslint.exe tool does not verify domain names when parsing DNS text-files using the "/ql" switch, making it prone to forced drive-by downloads, provided an end user is tricked into using a server text-file containing a script/binary reference instead of a normally expected domain name.
eb14060a0091ba68f6b96c6e9ef2fb25
Microsoft Windows Enterprise Mode Site List Manager versions 1 and 2 suffer from an XML external entity injection vulnerability.
adb95485a2175dc841aa24d2a530ed72
Library description files are XML files that define libraries. Libraries aggregate items from local and remote storage locations into a single view in Windows Explorer. Library description files follow the Library Description schema and are saved as *.library-ms files. The .library-ms filetype triggers forced authentication when a user/client accesses a remote share that houses an attacker-supplied ".library-ms" file, disclosing credential hashes and other identifiable computer information.
3efbbbe3394fffedf1bbcf55f304effb
Enhanced Mitigation Experience Toolkit (EMET) suffers from an XML external entity injection vulnerability.
da2c5fe7a5b5d3b441f02c18e2d7ca7a
dpa-fwl.microsoft.com suffers from an open redirection vulnerability.
9a992791db71dab2fd3cb6f1e0559793
Microsoft Internet Explorer version 11.371.16299.0 suffers from a denial of service vulnerability.
b95fe4c66578b78c338a2d385f6635b6
Windows DVD Maker version 6.1.7 suffers from an XML external entity injection vulnerability.
2633411dcb609dcaaf80a71090998e85
Microsoft PowerShell suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.
06fe56f18d81ef806aed4773f1517228
Microsoft Authorization Manager version 6.1.7601 suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.
982c09b54dae36f9b5ae432e6c1d0409
Microsoft Event Viewer version 1.0 suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.
c7a519a9ce4acb64b45e6199d6ff5ae3
Windows System Information MSINFO32.exe version 6.1.7601 suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.
a3e8668872972b93951845a9522c667a
Microsoft Excel Starter 2010 suffers from an XML eXternal Entity vulnerability that allows for remote file disclosure.
20178a697a7d8e0bdfa592af023e1815
Windows Media Center "ehshell.exe" is vulnerable to an XML External Entity attack allowing remote access to any files on a victim's computer, if they open an XXE-laden ".mcl" file via a remote share / USB or from a malicious "windowsmediacenterweb" web link.
c9be1776890abf5bb75684418ba687cc
Sophos EAS Proxy is part of the Enterprise Mobility Management (EMM) platform Sophos Mobile Control, which allows control of mail access for managed mobile devices. Anonymous attackers can access any web resources of the backend mail system, such as Microsoft Exchange or IBM Domino, if the Lotus Traveler option is enabled. Brute force attacks against users in the backend mail system are also possible. Version 3.5.0.3 is affected.
24977ef9b66d45a0e285add435dd4ef1
Microsoft Visio suffers from a DLL hijacking vulnerability.
72f90bf45267f4baa3971413f07d2b96
Microsoft Visual C++ 2010 Redistributable Package and Visual C++ Redistributable for Visual Studio 2015 suffer from multiple DLL hijacking vulnerabilities.
e6906434cb499de8310b345ea39b21d5
Microsoft PowerPoint Viewer version 12.0.6600.1000 suffers from a DLL hijacking vulnerability.
2a755f926620d3e0ed78fe4c04d77b9a
This Metasploit module tests vulnerable IIS HTTP header file paths on Microsoft Exchange OWA 2003, CAS 2007, 2010, 2013 servers.
eafa43771f313779174c92917d0efc66