VIR Vulnerability Intelligence Relay

Search

Found 3,622 results in 713ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-15956 high 7.5 8.5 EXP converto_video_downloader_\&_converter_project 9y ago ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php.
CVE-2017-15879 high 8.8 9.8 EXP keystonejs 9y ago Keystone is vulnerable to CSV injection
CVE-2017-13772 high 8.8 9.8 EXP 9y ago Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRp…
CVE-2015-5533 high 7.2 8.2 EXP count_per_day_project 9y ago SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep…
CVE-2015-2878 high 8.8 9.8 EXP watchguard 9y ago Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary acco…
CVE-2011-4334 high 8.8 9.8 EXP labwiki_project 9y ago edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the use…
CVE-2017-15808 high 8.8 9.8 EXP phpmyfaq 9y ago In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
CVE-2017-7117 high 8.8 9.8 EXPFIX slesmacos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b…
CVE-2017-7115 high 8.1 9.1 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrar…
CVE-2017-15735 high 8.8 9.8 EXP phpmyfaq 9y ago In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.
CVE-2017-15734 high 8.8 9.8 EXP phpmyfaq 9y ago In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.
CVE-2017-15730 high 8.8 9.8 EXP phpmyfaq 9y ago In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
CVE-2017-15649 high 7.8 8.8 EXPFIX slesdebian debian linux-kernel 9y ago net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race co…
CVE-2017-15647 high 7.5 8.5 EXP 9y ago On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
CVE-2017-15645 high 8.8 9.8 EXP webmin 9y ago CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker to execute arbitrary commands.
CVE-2017-15644 high 8.6 9.6 EXP webmin 9y ago SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.
CVE-2017-15643 high 7.4 8.4 EXP ikarussecurity 9y ago An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with a CRC32 checksum …
CVE-2017-10309 high 7.1 8.1 EXPFIX sles rheldebian debian oracleredhatnetapp 9y ago Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthentic…
CVE-2017-12579 high 7.8 8.8 EXP hashicorp 9y ago An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell.
CVE-2015-7715 high 8.8 9.8 EXP realtyna 9y ago Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests th…
CVE-2015-7714 high 7.2 8.2 EXP realtyna 9y ago Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allow remote administrators to execute arbitrary SQL commands via the (1) id, (2) copy_field in…
CVE-2017-15595 high 8.8 9.8 EXPFIX slesdebian debian 9y ago An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via…
CVE-2017-15578 high 8.8 9.8 EXP phpsugar 9y ago In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php.
CVE-2014-9118 high 8.8 9.8 EXP 9y ago The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd.
CVE-2014-8357 high 8.8 9.8 EXP 9y ago backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the s…
CVE-2017-15221 high 7.8 8.8 EXP asx_to_mp3_converter_project 9y ago ASX to MP3 converter 3.1.3.7.2010.11.05 has a buffer overflow via a crafted M3U file, a related issue to CVE-2009-1324.
CVE-2014-9147 high 7.5 8.5 EXP fiyo 9y ago Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/.
CVE-2017-15276 high 8.8 9.8 EXP opentext 9y ago OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Ser…
CVE-2017-15013 high 8.8 9.8 EXP opentext 9y ago OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Ser…
CVE-2017-15012 high 8.8 9.8 EXP opentext 9y ago OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack…
CVE-2017-11811 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the s…
CVE-2017-11810 high 7.5 8.5 EXP windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201…
CVE-2017-11809 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the s…
CVE-2017-11802 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the s…
CVE-2017-11799 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the s…
CVE-2017-11793 high 7.5 8.5 EXP windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201…
CVE-2017-15236 high 7.5 8.5 EXP 9y ago Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config…
CVE-2017-15235 high 7.5 8.5 EXPFIX debian debian horde 9y ago The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact fi…
CVE-2015-2856 high 7.5 8.5 EXP accellion 9y ago Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (d…
CVE-2017-5637 high 7.5 8.5 EXPFIX debian debian apache 9y ago Uncontrolled Resource Consumption in Apache ZooKeeper
CVE-2015-2673 high 8.8 9.8 EXP wpeasycart 9y ago The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain a…
CVE-2015-2143 high 8.8 9.8 EXP phpbugtracker_project 9y ago Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecifi…
CVE-2015-2142 high 8.0 9.0 EXP phpbugtracker_project 9y ago Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that caus…
CVE-2017-13068 high 7.5 8.5 EXP qnap 9y ago QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attack…
CVE-2017-14087 high 7.5 8.5 EXP trendmicro 9y ago A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a mali…
CVE-2017-14086 high 7.5 8.5 EXP trendmicro 9y ago Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executabl…
CVE-2017-14084 high 8.1 9.1 EXP trendmicro 9y ago A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.
CVE-2017-14083 high 7.5 8.5 EXP trendmicro 9y ago A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file.
CVE-2017-15035 high 7.5 8.5 EXP emtec 9y ago EmTec PyroBatchFTP before 3.18 allows remote servers to cause a denial of service (application crash).
CVE-2017-1000119 high 7.2 8.2 EXP octobercms 9y ago October CMS PHP Code Execution
CVE-2017-1000117 high 8.8 9.8 EXPFIX arch arch slesdebian debian git-scm 9y ago A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Suc…
CVE-2017-1000112 high 7.0 8.0 EXPFIX slesarch archdebian debian 9y ago Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two…
CVE-2017-6090 high 8.8 9.8 EXP phpcollab 9y ago Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable exte…
CVE-2017-14848 high 8.8 9.8 EXP dasinfomedia 9y ago WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter.
CVE-2017-14758 high 8.8 9.8 EXP opentext 9y ago OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.…
CVE-2017-14757 high 8.8 9.8 EXP opentext 9y ago OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/down…
CVE-2017-14496 high 7.5 8.5 EXPFIX arch archdebian debianubuntu ubuntu thekelleys 9y ago multiple issues in dnsmasq
CVE-2017-14495 high 7.5 8.5 EXPFIX arch arch slesdebian debian thekelleys 9y ago multiple issues in dnsmasq
CVE-2017-11322 high 8.2 9.2 EXP ucopia 9y ago The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client.
CVE-2017-11321 high 7.2 8.2 EXP ucopia 9y ago The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command.
CVE-2015-7358 high 7.8 8.8 EXP ciphershedidrixtruecrypt 9y ago The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which …
CVE-2017-14847 high 8.8 9.8 EXP dasinfomedia 9y ago Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.
CVE-2017-14846 high 8.8 9.8 EXP dasinfomedia 9y ago Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter.
CVE-2017-14845 high 8.8 9.8 EXP dasinfomedia 9y ago Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter.
CVE-2017-14844 high 8.8 9.8 EXP dasinfomedia 9y ago Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.
CVE-2017-14843 high 8.8 9.8 EXP dasinfomedia 9y ago Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.
CVE-2017-14842 high 8.8 9.8 EXP dasinfomedia 9y ago Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter.
CVE-2017-14840 high 8.8 9.8 EXP teamworktec 9y ago TeamWork TicketPlus allows Arbitrary File Upload in updateProfile.
CVE-2017-14839 high 8.8 9.8 EXP teamworktec 9y ago TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover.
CVE-2017-14838 high 8.8 9.8 EXP teamworktec 9y ago TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange.
CVE-2015-3643 high 7.8 8.8 EXP ubuntu ubuntu usb-creator_project 9y ago usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local…
CVE-2015-1336 high 7.8 8.8 EXPFIX debian debianubuntu ubuntu man-db_project 9y ago The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.
CVE-2017-14704 high 8.8 9.8 EXP claydip 9y ago Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code …
CVE-2017-13129 high 8.0 9.0 EXP zkteco 9y ago Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators …
CVE-2014-0997 high 7.5 8.5 EXP 9y ago WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and poten…
CVE-2015-7293 high 8.8 9.8 EXP plonezope 9y ago Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.
CVE-2015-4669 high 7.8 8.8 EXP xceedium 9y ago The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.
CVE-2017-14627 high 7.8 8.8 EXP cyberlink 9y ago Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) a…
CVE-2017-14680 high 7.5 8.5 EXP zkteco 9y ago ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document.
CVE-2017-12929 high 8.8 9.8 EXP tecnovision 9y ago Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution.
CVE-2017-7924 high 7.5 8.5 EXP 9y ago An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could s…
CVE-2015-4075 high 8.1 9.1 EXP helpdeskpro 9y ago The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task.
CVE-2015-4074 high 7.5 8.5 EXP helpdesk_pro_project 9y ago Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download…
CVE-2017-8770 high 7.5 8.5 EXP 9y ago There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter.
CVE-2015-4685 high 7.0 8.0 EXP polycom 9y ago Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo m…
CVE-2015-4681 high 7.8 8.8 EXP polycom 9y ago Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.
CVE-2017-14311 high 7.8 8.8 EXP netmechanica 9y ago The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows local users to gain privileges via a crafted 0x9C402088 IOCTL call.
CVE-2014-9619 high 7.2 8.2 EXP netsweeper 9y ago Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with a…
CVE-2017-9798 high 7.5 8.5 EXPFIX debian debianarch arch sles apache 9y ago Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsb…
CVE-2014-9463 high 8.8 9.8 EXP vbseovbulletin 9y ago functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php.
CVE-2017-0781 high 8.8 9.8 EXP 9y ago A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105.
CVE-2017-6008 high 7.8 8.8 EXP sophos 9y ago A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate p…
CVE-2017-8755 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting eng…
CVE-2017-8751 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft…
CVE-2017-8740 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in…
CVE-2017-8734 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft E…
CVE-2017-8731 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses object…
CVE-2017-8729 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in…
CVE-2017-8682 high 8.8 9.8 EXP windows windows microsoft 9y ago Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 20…
CVE-2017-11764 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scri…