9.8
CVSSv3

CVE-2019-1306

Published: 11/09/2019 Updated: 15/07/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft azure devops server 2019

microsoft azure devops server 2019.0.1

microsoft team foundation server 2018

Github Repositories

https://github.com/qazbnm456/awesome-web-security

Awesome Web Security Curated list of Web Security materials and resources Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' security skills, etc To combat this, here is a curated list of We

Cybersecurity Web Security The World of Web Security in Cybersecurity : A collection of Web Security materials, libraries, documents, books, resources and cool stuff about in Cybersecurity Thanks to all contributors, you're awesome and wouldn't be possible without you! Our goal is to build a categorized community-driven collection of very well-known resources Ensu

Awesome Web Security Curated list of Web Security materials and resources Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' security skills, etc To combat this, here is a curated list of W

Awesome Web Security Curated list of Web Security materials and resources Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' security skills, etc To combat this, here is a curated list of We

A curated list of Web Security materials and resources.

Awesome Web Security Curated list of Web Security materials and resources Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' security skills, etc To combat this, here is a curated list of We

2019年天融信阿尔法实验室在微信公众号发布的所有安全资讯汇总

欢迎关注天融信阿尔法实验室微信公众号 20191231 [技术] 使用IDA从零开始学逆向, Part27 mediumcom/p/5fa5c173547c 36C3 CTF Writeups bananamafiadev/post/36c3ctf/ 再探同形文字攻击 alephsecuritycom/2019/12/29/revised-homograph-attacks/ 对1个Dell SonicWALL虚拟办公室的登录界面进行Password Spraying攻击

Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out current Contents CVE-2011-2856 CVE-2011-3243 CVE-2013-2618 CVE-2013-6632 CVE-2014-1701 CVE-2014-1705 CVE-2014-1747 CVE-2014-3176 CVE-2014-6332 CVE-2014-7927 CVE-2014-7928 CVE-2015-0072 CVE-2015-0235 CVE-2015-0240 CVE-2015-1233 CVE-2015-1242 CVE-2015-1268 CV

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

Microsoft Patch Tuesday – September 2019
Symantec Threat Intelligence Blog • Preethi Koroth • 11 Sep 2022

This month the vendor has patched 79 vulnerabilities, 18 of which are rated Critical.

Posted: 11 Sep, 201923 Min ReadThreat Intelligence SubscribeFollowtwitterfacebooklinkedinMicrosoft Patch Tuesday – September 2019This month the vendor has patched 79 vulnerabilities, 18 of which are rated Critical.This month the vendor has patched 79 vulnerabilities, 18 of which are rated Critical.

As always, customers are advised to follow these security best practices:


Install vendor patches as s...

It's 2019, and Windows PCs can be pwned via a shortcut file, a webpage, an evil RDP server...
The Register • Shaun Nichols in San Francisco • 10 Sep 2019

Microsoft joins Adobe and SAP in cleaning up security bugs, two of which are under active attack

Patch Tuesday Microsoft, Adobe, and SAP today delivered a load of security updates for this month's Patch Tuesday.
It will be a busy day for admins and users of Windows PCs and servers, as Microsoft has released updates for a total of 80 CVE-listed bugs.
Among the more serious issues addressed this month are CVE-2019-1215 and CVE-2019-1214, a pair of elevation-of-privilege vulnerabilities that have been under active attack in the wild.
In both cases, experts say, miscreants are...

Microsoft Addresses Two Zero-Days Under Active Attack
Threatpost • Tara Seals • 10 Sep 2019

Two elevation-of-privilege vulnerabilities that have been exploited in the wild as zero-days are at the heart of September’s Patch Tuesday update from Microsoft.
The two EoP vulnerabilities under active attack consist of CVE-2019-1214, which exists in the Windows Common Log File System (CLFS) Driver; and CVE-2019-1215, which impacts the Winsock IFS Driver (ws2ifsl.sys).
“Both flaws exist due to improper handling of objects in memory by the respective drivers,” said Satnam Naran...

It's 2019, and Windows PCs can be pwned via a shortcut file, a webpage, an evil RDP server...
The Register • Shaun Nichols in San Francisco • 10 Sep 2019

Microsoft joins Adobe and SAP in cleaning up security bugs, two of which are under active attack Exim marks the spot… of remote code execution: Patch due out today for 'give me root' flaw in mail server

Patch Tuesday Microsoft, Adobe, and SAP today delivered a load of security updates for this month's Patch Tuesday.
It will be a busy day for admins and users of Windows PCs and servers, as Microsoft has released updates for a total of 80 CVE-listed bugs.
Among the more serious issues addressed this month are CVE-2019-1215 and CVE-2019-1214, a pair of elevation-of-privilege vulnerabilities that have been under active attack in the wild.
In both cases, experts say, miscreants are...