Security Advisories
A curated database of security advisories, vulnerabilities, and CVEs discovered in various vendors including Microsoft, McAfee, and others.
- ADV-112 (Critical): CVE-2020-0618 – RCE in SQL Server Reporting Services (SSRS)
  App: Microsoft SQL Server Reporting Services | Ver: prior to February 2020 patch | Date: 11/02/2020
- ADV-111 (High): CVE-2020-0646 – Code injection in Workflows leading to SharePoint RCE
  App: .NET Framework | Ver: prior to January 2020 patch | Date: 14/01/2020
- ADV-110 (High): CVE-2020-0606 – Code Execution using Malicious Annotation Files for Sticky Notes in WPF apps
  App: .NET Framework | Ver: prior to January 2020 patch | Date: 14/01/2020
- ADV-109 (High): CVE-2020-0605 – Code Execution using XPS Files in .NET
  App: .NET Framework | Ver: prior to January 2020 patch | Date: 14/01/2020
- ADV-108 (Critical when MSSQL database is in use, not default): CVE-2019-13462 – Unauthenticated SQL Injection in Lansweeper
  App: Lansweeper application | Ver: prior to 7.1.117.4 | Date: 25/07/2019
- ADV-107 (Critical, High, and Medium): CVE-2019-12923, CVE-2019-12924, CVE-2019-12925, CVE-2019-12926, CVE-2019-12927 – Multiple Vulnerabilities in MailEnable
  App: MailEnable | Ver: versions before 10.24, 9.83, 8.64, 7.62, 6.90 (20th June 2019) | Date: 02/07/2019
- ADV-106 (Critical and High): CVE-2019-7214, CVE-2019-7213, CVE-2019-7212, CVE-2019-7211 – Multiple Vulnerabilities in SmarterMail
  App: SmarterMail | Ver: prior to Build 6985 (CVE-2019-7214), prior to Build 7040 (CVE-2019-7211, CVE-2019-7212, CVE-2019-7213) | Date: 17/04/2019
- ADV-105 (Medium/High): CVE-2018-18447 – Code Execution in .NET by Reading Serialized Objects from Clipboard
  App: PowerShell, Visual Studio, WPF Applications, Paint.NET, LINQPad, and more | Ver: varies – some accepted it as a feature – some patched it (sometimes without a CVE) | Date: 17/12/2018
- ADV-104 (Critical): CVE-2018-8421 – RCE during loading or compiling Microsoft XOML workflows using deserialization
  App: Microsoft SharePoint | Ver: prior to November 2018 patch | Date: 08/11/2018
- ADV-103 (Critical): CVE-2018-8284 – Remote Code Execution on SharePoint by Bypassing Workflows Protection Mechanisms
  App: Microsoft SharePoint | Ver: prior to July 2018 patch | Date: 30/08/2018
- ADV-102 (Low): Mattermost Server Denial of Service by Uploading an Emoji File
  App: Mattermost Server | Ver: Fixed in v5.2.2, 5.1.2, 4.10.4 | Date: N/A
- ADV-101 (Medium): CVE-2019-0613 – Code Execution in Visual Studio using TBC Files
  App: Visual Studio | Ver: prior to February 2019 patch | Date: N/A
- ADV-120 (Medium): CVE-2018-8172 – Code Execution in Visual Studio using XAML Files
  App: Visual Studio | Ver: prior to July 2018 patch | Date: N/A
- ADV-100 (High/Critical): CVE-2018-8172, CVE-2018-8300, CVE-2018-14581, CVE-2018-14878, CVE-2018-15122 – Unsafe Deserialization in Microsoft Resource Files (.RESX) in Multiple Products
  App: Visual Studio, ILSpy, DotPeek, ReSharper Ultimate, .Net Reflector, SmartAssembly, JustDecompile, JustAssembly, IIS, SharePoint, Dynamics365 | Ver: varies – some accepted it as a feature – some patched it (sometimes without a CVE) | Date: 02/08/2018
- ADV-99 (Medium): ASP.NET Request Validation Bypass Using Request Encoding
  App: .NET Framework | Ver: any – accepted as a feature | Date: 09/09/2017
- ADV-98 (High): Multiple Vulnerabilities in Yahoo Small Business (aabaco and luminate domains)
  App: Yahoo! Aabaco Small Business | Ver: N/A | Date: N/A
- ADV-97 (Medium): CVE-2017-8572, CVE-2017-11927 – SMB hash hijacking & user tracking in MS Outlook
  App: Microsoft Outlook | Ver: all versions before May 2018 update | Date: 11/05/2018
- ADV-96 (Low): CVE-2017-8592 – XMLHttpRequest in IE followed 307 redirections with additional or customised headers
  App: Internet Explorer, Edge | Ver: IE 10, 11, and Edge prior to July 2017 patch | Date: 14/07/2017
- ADV-94 (Low): CVE-2016-4178, CVE-2016-4277 – Flash “local-with-filesystem” Bypass in navigateToURL
  App: Adobe Flash | Ver: 22.0.0.211 and earlier | Date: 13/09/2016
- ADV-95 (Low): CVE-2016-3327 – Denial of Service in Parsing a URL by ierutil.dll
  App: Microsoft Browser – Any HTML viewer using ierutil.dll | Ver: Prior to August 2016 Patch | Date: 12/08/2016
- ADV-93 (High): Yahoo! Web Hosting – Multiple Security Issues
  App: Yahoo! Aabaco Small Business – Web Hosting | Ver: N/A | Date: N/A
- ADV-92 (High): SOP bypass in Google Chrome by redirection using Silverlight
  App: Microsoft Silverlight | Ver: won't fix | Date: N/A
- ADV-91 (High): Multiple Vulnerabilities in MailEnable (XXE, XSS, Privilege Escalation, Directory Traversal)
  App: MailEnable | Ver: Tested on version 8.56 (versions prior to 8.60, 7.60, 6.88, and 5.62 should be vulnerable) | Date: 10/03/2015
- ADV-90 (High): SmarterMail – Stored XSS in emails
  App: SmarterMail | Ver: SmarterMail 13.1.5451 | Date: 06/03/2015
- ADV-89 (Low): Flash security restrictions bypass
  App: Adobe Flash | Ver: 08/07/2015 Patched by Adobe | Date: Reported on 14/11/2014
- ADV-88 (Low): Flash security restrictions bypass
  App: Adobe Flash | Ver: 12/03/2015 Patched by Adobe | Date: Reported on 14/11/2014
- ADV-87 (Medium): Cross Domain Policy Bypass – Google Chrome Flash
  App: Google Chrome | Ver: 12/03/2015 Patched by Adobe | Date: Reported on 20/10/2014
- ADV-86 (Medium): Reflected XSS in SWF file – Camtasia 7 & 8
  App: TechSmith Camtasia | Ver: v8.4.4 (latest 8.x 10/01/2014) – v7.1.1 (latest 7.x 10/01/2014) | Date: 10/01/2014
- ADV-85 (Low): Adobe Flash – Cross Site Information Disclosure
  App: Adobe Flash | Ver: Tested on 15.0.0.152 (debug version) | Date: Reported on 02/10/2014
- ADV-84 (Medium): DOM Based cross-site scripting in Doc-To-Help 2014 v1
  App: Doc-To-Help | Ver: Latest version (still unpatched – 10/01/2015) | Date: Discovered: 18/09/2014 – Reported to the vendor: 14/11/2014
- ADV-83 (High): Multiple vulnerabilities in FileVista
  App: FileVista | Ver: v6.0.7 and even the latest version (still unpatched – 10/01/2015) | Date: Reported to the vendor 04/08/2014 – still unpatched
- ADV-82 (TBA): Adobe flash sandbox bypass to navigate to local drives (Windows version)
  App: Adobe Flash | Ver: 14.0.0.125 (tested with IE 11) | Date: 15/10/2014-12/08/2014
- ADV-81 (Medium): Reflected Cross Site Scripting in Flash version of Flowplayer
  App: Flowplayer | Ver: 3.2.17 (latest) – still vulnerable | Date: Discovered: 30/05/2014 – Publicly Reported: 30/09/2014
- ADV-80 (Low): Facebook – Open Redirection via tpe Parameter in /ajax/payment/token_proxy.php
  App: Facebook | Ver: N/A | Date: 07/02/2014
- ADV-79 (High): Adobe Reader/Acrobat another Use-After-Free in ToolButton
  App: Adobe Reader/Acrobat | Ver: 11.0.05/10.1.8 and earlier versions | Date: 06/12/2013
- ADV-77 (High): Microsoft Internet Explorer CElement Use-After-Free Remote Code Execution Vulnerability
  App: Microsoft Internet Explorer | Ver: IE 10 | Date: Reported Dec. 2013
- ADV-78 (Medium): Flash Security SandBox Bypass by using JAR protocol
  App: Adobe Flash | Ver: 11.9.900.170/11.2.202.332 and earlier versions | Date: 15/10/2013
- ADV-76 (Critical): Yahoo Multiple Vulnerabilities – LFI/XSS/etc
  App: Yahoo websites | Ver: N/A | Date: 15/10/2013
- ADV-75 (Low): Microsoft XMLDOM in IE can divulge information of local drive/network in error messages
  App: Internet Explorer | Ver: Tested in IE10 – probably unpatched | Date: 25/04/2013
- ADV-74 (High): Facebook OAuth2 Redirection Bypass
  App: Facebook | Ver: N/A | Date: 18/03/2013
- ADV-73 (Low): UnRedirectable Page by using onbeforeunload, setTimeout and a pop-up msg
  App: Firefox | Ver: unpatched – 10 Jan 2015 | Date: 08/02/2013
- ADV-72 (Critical): GleamTech FileVista/FileUltimate Directory Traversal
  App: Jenkins | Ver: tested on 4.6 | Date: 21/11/2012
- ADV-71 (Low): FCKEditor/CKFinder Denial of Service on Windows Forbidden Files
  App: Jenkins | Ver: FCKEditor 2.6.8 / CKFinder 2.3 | Date: 21/11/2012
- ADV-68 (Critical): FCKEditor ASP Version – Multiple File Upload Protection Bypass and XSS vulnerability
  App: FCKEditor | Ver: latest version (retired) – 27/11/2012 | Date: 21/11/2012
- ADV-70 (Low): Jenkins XSS, CrLf, and Open Redirect
  App: Jenkins | Ver: prior to 1.491 or 1.480.1 | Date: 20/11/2012
- ADV-69 (High): Adobe Reader/Acrobat Use-After-Free in ToolButton
  App: Adobe Acrobat/Reader | Ver: 11.0.02/10.1.6 and earlier | Date: 11/09/2013 – reported Sept. 2012
- ADV-67 (Moderate): Facebook Privacy Issue
  App: Facebook Website | Ver: N/A | Date: Vendor Awareness: March 2012
- ADV-66 (Low): Bugzilla – account lockout restriction bypass
  App: Bugzilla | Ver: versions 2.17.4 through 3.6.8, 3.7.1 through 4.0.5, and 4.1.1 through 4.2 | Date: Vendor Awareness: 18 February 2012
- ADV-65 (High): Adobe Reader/Acrobat Memory Corruption In The JavaScript Handling
  App: Adobe Reader/Acrobat | Ver: Windows and Macintosh: <=10.1.2 and <= 9.5, Linux: <= 9.4.6 | Date: N/A
- ADV-64 (N/A): Mozilla Firefox – Memory Corruption – More details will be available after the patch
  App: Mozilla Firefox | Ver: Should be patched in 16 | Date: Vendor Awareness: 9 February 2012
- ADV-63 (Low): Splunk Reflected XSS
  App: Splunk | Ver: Patched in version 4.3.1 | Date: N/A
- ADV-62 (Moderate): Mozilla Firefox Drag and Drop Handling Same Origin Policy Bypass Vulnerability
  App: Mozilla Firefox | Ver: Prior to 11.0 | Date: 29 December 2011, Vendor Awareness: 21 November 2011
- ADV-61 (Low): Adobe Reader/Acrobat Memory Corruption Denial of Service by Javascript
  App: Adobe Reader/Acrobat | Ver: 10.0.1, other versions can be vulnerable before applying the 14 June 2011 Patch | Date: 16 June 2011, Vendor Awareness: 24 Feb 2011
- ADV-60 (Moderate): Mozilla Firefox/Thunderbird/SeaMonkey ‘resource:’ Protocol Directory Traversal Vulnerability
  App: Mozilla Firefox/Thunderbird/SeaMonkey | Ver: Fixed in: Firefox 3.6.17, Firefox 3.5.19, Thunderbird 3.1.10, SeaMonkey 2.0.14 | Date: 28 April 2011
- ADV-59 (Moderately critical): Douran Portal File Download/Source Code Disclosure Vulnerability
  App: Douran Portal | Ver: 3.9.7.8 | Date: 20 March 2011
- ADV-58 (High): TASKalfa 500ci Printer – Authentication Bypass
  App: Adobe Reader/Acrobat | Ver: Prior to 12.0 Framework – 250, 300, and 400 models were also patched | Date: Vendor Awareness: 1 Dec. 2010 – Fixed on: 14 July 2011
- ADV-57 (Moderate): Microsoft Internet Information Services .Net Denial of Service
  App: Microsoft IIS | Ver: All the Latest Versions of IIS and .Net Frameworks – 17/05/2011 | Date: Vendor Awareness: 3 August 2010 – Vendor Response: 4 Jan 2011, recoverable DoS issues will be addressed in a Service Pack or next version fix – Latest State: Kept private along with another 0day file/folder name leakage vulnerability in IIS
- ADV-56 (Moderately critical): Microsoft Internet Information Services Basic Authentication Security Bypass
  App: Microsoft IIS | Ver: 5.1 | Date: 1 July 2010
- ADV-55 (Low): Opera Browser – Scroll Information Leakage
  App: Opera Browser | Ver: 10.54 and 10.60 RC (Build 3443) | Date: 30 June 2010
- ADV-54 (High): AirTight Web Application – File Disclosure/Deletion and XSS
  App: AirTight | Ver: Tested on 6.1 – later versions should be safe | Date: Vendor Awareness: June 2010 – Fixed on: 2010
- ADV-53 (Low): Mozilla Firefox Error Handling Information Disclosure Vulnerability
  App: Mozilla Firefox | Ver: 3.5.10, 3.6.6 and prior versions | Date: 27 May 2010
- ADV-52 (Low): Internet Explorer hard drive information leakage
  App: Internet Explorer | Ver: 7, 8, and 9 – 17/05/2011 | Date: 4 March 2010
- ADV-51 (Less Critical for IIS / Critical for Web Applications): Microsoft IIS ASP Multiple Extensions Security Bypass
  App: Microsoft IIS | Ver: 6.0 | Date: 24 Dec. 2009
- ADV-50 (High): Virtual Support Office-XP Multiple Vulnerabilities
  App: Virtual Support Office-XP | Ver: 3.0.29, 3.0.27 and prior versions | Date: 20 Jun 2008
- ADV-49 (High): eLineStudio Site Composer (ESC) <=2.6 Multiple Vulnerabilities
  App: eLineStudio Site Composer (ESC) | Ver: 2.6 | Date: 19 Jun 2008
- ADV-48 (Medium): Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities
  App: Academic Web Tools CMS | Ver: 1.4.2.8 | Date: 19 Jun 2008
- ADV-47 (High): doITlive CMS <=2.50 Multiple Vulnerabilities
  App: doITlive CMS | Ver: 2.50 | Date: 18 Jun 2008
- ADV-46 (High): Pooya Site Builder (PSB) SQL Injection Vulnerabilities
  App: Pooya Site Builder (PSB) | Ver: 6.0 (Assembly Version) | Date: 12 Jun 2008
- ADV-45 (High): Realm CMS <= 2.3 Multiple Vulnerabilities
  App: Realm CMS | Ver: 2.3 | Date: 10 Jun 2008
- ADV-44 (High): QuickerSite <= 1.85 Multiple Vulnerabilities
  App: QuickerSite | Ver: 1.85 | Date: 4 Jun 2008
- ADV-43 (Low): Dot Net Nuke (DNN) <= 4.8.3 XSS Vulnerability
  App: Dot Net Nuke (DNN) | Ver: 4.8.3 | Date: 30 May 2008
- ADV-42 (Medium): MegaBBS Forum Multiple Vulnerabilities
  App: MegaBBS | Ver: 2.2 | Date: 27 Apr 2008
- ADV-41 (High): Acidcat CMS Multiple Vulnerabilities
  App: Acidcat CMS | Ver: 3.4.1 | Date: 20 Apr 2008
- ADV-40 (High): CandyPress eCommerce suite SQL Injection + XSS + Path Disclosure in CandyPress
  App: CandyPress eCommerce suite | Ver: 4.1.1.26 | Date: 26 Jan 2008
- ADV-39 (Medium): Web Wiz Rich Text Editor Directory traversal + HTM/HTML file creation on the server
  App: Web Wiz Rich Text Editor | Ver: 4.0 | Date: 23 Jan 2008
- ADV-38 (Low): Web Wiz NewsPad Directory traversal
  App: Web Wiz NewsPad | Ver: 1.02 | Date: 23 Jan 2008
- ADV-37 (Low): Web Wiz Forums Directory traversal
  App: Web Wiz Forums | Ver: 9.07 | Date: 23 Jan 2008
- ADV-36 (Low): Mozilla Firefox 2.0.0.11 Hide the Source Code
  App: Mozilla Firefox | Ver: 2.0.0.11 | Date: 22 Jan 2008
- ADV-35 (Medium): Hosting Controller 6.1 – Users can change others’ host headers
  App: Hosting Controller | Ver: 6.1 Hot fix <= 3.3 | Date: 13 Dec 2007
- ADV-34 (Medium): Hosting Controller 6.1 – Users can enable or disable all Hosting Controller forums by SQL Injection
  App: Hosting Controller | Ver: 6.1 Hot fix <= 3.3 | Date: 13 Dec 2007
- ADV-33 (Medium): Hosting Controller 6.1 – Users can find web site path
  App: Hosting Controller | Ver: 6.1 Hot fix <= 3.3 | Date: 13 Dec 2007
- ADV-32 (Medium): Hosting Controller 6.1 – Users can import unwanted plan or change the plans
  App: Hosting Controller | Ver: 6.1 Hot fix <= 3.3 | Date: 13 Dec 2007
- ADV-31 (Medium): Hosting Controller 6.1 – Users can find Hosting Controller setup directory
  App: Hosting Controller | Ver: 6.1 Hot fix <= 3.3 | Date: 13 Dec 2007
- ADV-30 (Medium): Hosting Controller 6.1 – Users can see all usernames in the server
  App: Hosting Controller | Ver: 6.1 Hot fix <= 3.3 | Date: 13 Dec 2007
- ADV-29 (Medium): Hosting Controller 6.1 – Users can enable or disable pay type
  App: Hosting Controller | Ver: 6.1 Hot fix <= 3.3 | Date: 13 Dec 2007
- ADV-28 (Medium): Hosting Controller 6.1 – Users can delete all of gateway information
  App: Hosting Controller | Ver: 6.1 Hot fix <= 3.3 | Date: 13 Dec 2007
- ADV-27 (Medium): Hosting Controller 6.1 – Users can uninstall others’ FrontPage extensions
  App: Hosting Controller | Ver: 6.1 Hot fix <= 3.3 | Date: 13 Dec 2007
- ADV-26 (Medium): Hosting Controller 6.1 – Users can change their credit amount or increase their discount
  App: Hosting Controller | Ver: 6.1 Hot fix <= 3.3 | Date: 13 Dec 2007
- ADV-25 (Medium): Hosting Controller 6.1 – SQL Injection in “/accounts/accountmanager.asp”
  App: Hosting Controller | Ver: 6.1 Hot fix <= 3.3 | Date: 13 Dec 2007
- ADV-24 (Medium): Hosting Controller 6.1 – Remote Attacker can change all users’ profiles
  App: Hosting Controller | Ver: 6.1 Hot fix <= 3.3 | Date: 13 Dec 2007
- ADV-23 (High): Hosting Controller 6.1 – Remote Users Can Make a New User
  App: Hosting Controller | Ver: 6.1 Hot fix <= 3.3 | Date: 13 Dec 2007
- ADV-22 (High): Hosting Controller 6.1 – Remote Authenticated Users Execute a File Under Administrative Privilege
  App: Hosting Controller | Ver: 6.1 Hot fix <= 3.3 | Date: 13 Dec 2007
- ADV-21 (High): Hosting Controller 6.1 – Lets Remote Users Gain Admin Privilege
  App: Hosting Controller | Ver: 6.1 Hot fix <= 3.3 | Date: 13 Dec 2007
- ADV-20 (High): Snitz Forums 2000 Active.asp Remote SQL Injection Vulnerability
  App: Snitz Forums 2000 | Ver: N/A | Date: 10 Dec 2007
- ADV-19 (High): SkyPortal vRC6 Multiple Remote Vulnerabilities
  App: SkyPortal | Ver: vRC6 | Date: 22 Nov 2007
- ADV-18 (Low): Mozilla Firefox 2.0.0.7 Denial of Service
  App: Mozilla Firefox | Ver: 2.0.0.7 | Date: 25 Oct 2007
- ADV-17 (Critical): Hosting Controller ‘FolderManager.aspx’ Lets Remote Authenticated Users View and Modify Files
  App: Hosting Controller | Ver: 7c (7.00.0003) | Date: 27/12/2006
- ADV-16 (High): More Than 25 Different Vulnerabilities in Hosting Controller Reported to the Hosting Controller Company
  App: Hosting Controller | Ver: 6.1 | Date: Never
- ADV-12 (Medium): Hosting Controller ‘EnableForum.asp’ and ‘DisableForum.asp’ Scripts Let Remote Users Create or Delete Forums and Virtual Directories
  App: Hosting Controller | Ver: 6.1 Hotfix 3.2 and prior versions | Date: 20 Oct 2006
- ADV-13 (High): Hosting Controller Access Control Bugs Let Remote Users Gain Reseller and Administrative Privileges
  App: Hosting Controller | Ver: 6.1 Hotfix 3.1 and prior versions | Date: 6 Jul 2006
- ADV-15 (High): MailEnable Enterprise <= 2.0 (ASP Version) Multiple Vulnerabilities
  App: MailEnable | Ver: 2.0 | Date: 9 June 2006
- ADV-10 (Low): EmailArchitect Email Server Script Filtering Flaw Permits Cross-Site Scripting Attacks
  App: EmailArchitect | Ver: 6.1 | Date: 6 Jun 2006
- ADV-6 (Low): EmailArchitect Email Server Input Validation Holes Permit Cross-Site Scripting Attacks
  App: EmailArchitect | Ver: 6.1 | Date: 6 Jun 2006
- ADV-11 (High): Hosting Controller Input Validation Holes in ‘AddGatewaySettings.asp’ and ‘IPManager.asp’ Permit SQL Injection
  App: Hosting Controller | Ver: 6.1 Hotfix 2.8 | Date: 4 Feb 2006
- ADV-9 (High): MailSite Express Lets Remote Users Upload Scripting Files and Execute Them
  App: MailSite Express | Ver: 6.1.21.0, 6.1.22.0 (?) | Date: 15 Oct 2005
- ADV-7 (High): Hosting Controller ‘AccountActions.asp’ Access Control Bug Lets Remote Authenticated Users Add Usernames
  App: Hosting Controller | Ver: 6.1 Hotfix 2.2 and prior versions | Date: 18 Jul 2005
- ADV-8 (High): Hosting Controller Access Control Bugs Let Remote Authenticated Users View, Edit, and Add Plans
  App: Hosting Controller | Ver: 6.1 Hotfix 2.2 and prior versions | Date: 15 Jul 2005
- ADV-14 (High): Maxwebportal <= 1.36 password.asp Change Password
  App: Maxwebportal | Ver: 1.36 | Date: 26 May 2005
- ADV-5 (Medium): Hosting Controller ‘UserProfile.asp’ Lets Remote Authenticated Users Modify Other User Profiles
  App: Hosting Controller | Ver: 6.1 Hotfix 2.0 and prior versions | Date: 26 May 2005
- ADV-4 (High): SmarterMail Lets Remote Users Upload Arbitrary Scripting Code and Execute It
  App: SmarterMail | Ver: prior to 2.0.1837 | Date: 25 Jan 2005
- ADV-3 (High): Multiple Vulnerabilities in DUclassified
  App: DUclassified | Ver: All | Date: 9 Oct 2004
- ADV-2 (High): Multiple Vulnerabilities in DUclassmate
  App: DUclassmate | Ver: All | Date: 9 Oct 2004
- ADV-1 (Medium): Multiple Vulnerabilities in DUforum
  App: DUforum | Ver: All | Date: 9 Oct 2004