A vulnerability in the library Apache Santuario SAML SSO (Single Sign-On) method used by Zoho ManageEngine products allows to unauthenticated remote code attackers to execute system commands.

The cause of the vulnerability is due to the lack of a strict bounds check for the SignaturesOffset field in the Base Block for the base log file (BLF) in CLFS.sys. This issue can lead to a Privilege Escalation.

This module exploits a design flaw in Microsoft Windows. The NTLM reflection attack in local authentication allows a local attacker to write arbitrary files and get SYSTEM privileges.

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. This module allows us to deploy an agent in a remote vulnerable target.

Windows Backup Service allows an unprivileged user to delete files.



This Update removes the Early Release Tag, change the default file to be deleted and make a backup of the file before deleting it.

Windows Backup Service allows an unprivileged user to delete files.

A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. This module allows to create a user with root privileges.

This update exploits a deserialization vulnerability in SerializationTypeConverter when converting powershell remoting objects to execute OS commands as SYSTEM.