Use-after-free vulnerability in the telephony service can lead to a Local Privilege Escalation in TapiSrv.
An elevation of privilege vulnerability exists because the MS KS WOW Thunk kernel module allows out-of-bounds memory access. The vulnerability could allow an attacker to run code with elevated privileges.
A chain of vulnerabilities in cups-browsed, libcupsfilters, libppd and cups-filters allows unauthenticated remote attackers to execute system commands.
In GeoServer prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to all GeoServer instances. In order to exploit this vulnerability, this module sends an evil XPath expression that after being processed by the commons-jxpath library allows us to deploy an agent.
This update adds support for domain users, improved user group validation, agent stability, and improved module output messages.
This exploit uses a technique called LNK stomping that allows specially crafted LNK files with non-standard target paths or internal structures to cause the file to be opened while bypassing Smart App Control and the Mark of the Web security warnings.
Veeam Backup and Replication deserialization of System.Runtime.Remoting.ObjRef .NET class type allows unauthenticated remote attackers to execute system commands in the context of the NT AUTHORITY\SYSTEM user.
This exploit leverages an information disclosure vulnerability in Microsoft Outlook. By using an image tag, unauthorized access can be obtained, allowing for the theft of NTLM hashes.
A directory traversal vulnerability in the WhatsUp.ExportUtilities.Export.GetFileWithoutZip method of Progress WhatsUp Gold allows unauthenticated remote attackers to write arbitrary files in the system, leading to execution of system commands in the context of the IIS APPPOOL\NmConsole user.
This module exploits an issue in GitLab CE/EE that allows sending reset emails to an unverified email address. In order to take over the account, the module will exploit the vulnerability by adding the attacker's email to the JSON from the /users/password endpoint, then it will connect via IMAP to the attacker's email, parse the reset email and change the password. All versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 are affected.