Use-after-free vulnerability in Microsoft Office 2007 SP3, 2010 SP2, and 2013 Gold and SP1 allows remote attackers to bypass the ASLR protection mechanism via a crafted document, aka "Microsoft. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 32.3% and no vendor patch available.
Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) pidvesa cookie to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
The font mapper in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows. Rated medium severity (CVSS 4.7). Public exploit code available.
Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the (1) c, (2) i, (3) l, or (4) p parameter to index.php;. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 23.4% and no vendor patch available.
Microsoft Internet Explorer 8 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 23.4% and no vendor patch available.
Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 22.3% and no vendor patch available.
Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 22.1%.
Multiple cross-site scripting (XSS) vulnerabilities in the Spider Facebook plugin before 1.0.11 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the appid parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1,. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.
Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update Rollup 4 does not properly validate the roles of users, which allows local users to obtain server and virtual-machine. Rated medium severity (CVSS 6.9).
Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges via a crafted. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.
The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2. Rated low severity (CVSS 1.9). Public exploit code available.
Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.