An elevation of privilege vulnerability exists when an ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka ‘ASP.NET Core Elevation Of Privilege Vulnerability’.
CWE-20
CVE-2019-12981
Ming (aka libming) 0.4.8 has a “fill overflow” vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c.
CVE-2019-12936
BlueStacks App Player 2, 3, and 4 before 4.90 allows DNS Rebinding for attacks on exposed IPC functions.
CVE-2019-1295
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren’t properly protected from unsafe data input, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296.
CVE-2019-1296
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren’t properly protected from unsafe data input, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295.
CVE-2019-12831
In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php with a 30-character limit, aka theme import stylesheet name RCE.