This vulnerability allows remote attackers to execute arbitrary code on affected installations of Aztack for Microsoft Azure. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.
Monthly Archives: August 2024
ZDI-24-1061: Microsoft What The Hack docsmsftpdfs Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft What The Hack. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.
ZDI-24-1062: Microsoft Fluid Framework prague Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Fluid Framework. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.
ZDI-24-1063: Microsoft Reactor Workshops reactorworkshops Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Reactor Workshops. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.
ZDI-24-1064: Microsoft AirSim airsimci Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft AirSim. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.
ZDI-24-1065: Microsoft Azure Availability Monitor for Kafka esnewdeveastdockerregistry Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Availability Monitor for Kafka for Microsoft Azure. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.
ZDI-24-1066: Microsoft Azure DataStoriesSamples machinelearningdatasets Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DataStoriesSamples for Microsoft Azure. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.
ZDI-24-1067: Microsoft Azure CollectSFData docs-analytics-eus Uncontrolled Search Path Element Impersonation Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CollectSFData for Microsoft Azure. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.4.
ZDI-24-1068: Microsoft Azure ML.NET Samples mlnetfilestorage Uncontrolled Search Path Element Vulnerability
This vulnerability allows remote attackers to manipulate sample datasets on affected installations of ML.NET Samples for Microsoft Azure. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3.
ZDI-24-1069: Microsoft Technical Case Studies athena-dashboard Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Technical Case Studies. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.