Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Win32k Elevation of Privilege Vulnerability

Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.

The Online-Catering-Reservation-DT Food-Catering(by: oretnom23)v1.0 is vulnerable in the application /catering/classes/Login.php which is redirected from /catering/dist/js/script.js app. The SQL injection can be deployed by using the username vulnerable parameter on /catering/admin/login.php. The parameter is not protected correctly, and there is no security escaping correctly to the MySQL query on /catering/classes/Login.php when the user is sending fake information or malicious query payload to the database.

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages.

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

Microsoft Exchange Remote Code Execution Vulnerability

Windows Win32k Elevation of Privilege Vulnerability