cesar cerrudo vulnerabilities and exploits

(subscribe to this query)

SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote malicious users to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an emb...

Microsoft Biztalk Server 2000 Microsoft Biztalk Server 2002

2 EDB exploits

The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrate...

Microsoft Windows 2000

1 EDB exploit

Microsoft SQL Server 2000 SP2, when configured as a distributor, allows malicious users to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.

Microsoft Sql Server 2000

1 EDB exploit

Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent malicious users to gain privileges by using one service process to capture a res...

Microsoft Windows Server 2003 Microsoft Windows Vista -Microsoft Windows-nt Vista Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Xp

1 EDB exploit

Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows malicious users to execute arbitrary code via a certain request to the HTTP receiver.

Microsoft Biztalk Server 2002

1 EDB exploit

Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote malicious users to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename.

Oracle Database Server

1 EDB exploit

The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Traci...

Microsoft Windows Server 2008 Microsoft Windows Server 2008 -Microsoft Windows 7 -Microsoft Windows Vista -Microsoft Windows Vista

1 EDB exploit

The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2)...

Microsoft Windows Vista Gold Microsoft Windows Xp Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003

1 EDB exploit

The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to g...

Microsoft Windows Server 2003 Microsoft Windows Xp

1 EDB exploit

The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privilege...

Microsoft Windows Server 2008 -Microsoft Windows Vista -

1 EDB exploit

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook