The waitid implementation in upstream kernels did not restrict the target destination to copy information results. This can allow local users to write to otherwise protected kernel memory, which can lead to privilege escalation.
This vulnerability allows local attackers to escalate privileges on vulnerable installations of IKARUS anti.virus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of crafted IOCTL 0x8300000c by the ntguard_x64.sys kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in an out-of-bounds write condition. An attacker can leverage this vulnerability to elevate privileges in context of kernel.
This module exploits a post authentication vulnerability in pfSense by abusing the system_groupmanager.php page which allows users to get Code Execution.
TrendMicro is prone to an abuse in the talker.php function to get authentication bypass, combined with the mod TMCSS user-supplied unvalidated input before using it to execute a system calls leads us to execute arbitrary code.
This module exploits an arbitrary file upload in DotCMS to install an agent.
This module exploits a command injection vulnerability in REDDOXX Appliance to install an agent.
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Jungo WinDriver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the processing of IOCTL 0x953824a7 by the windrvr12xx kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in an out-of-bounds write condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel.
The specific flaw exists within the processing of IOCTL 0x953824a7 by the windrvr12xx kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in an out-of-bounds write condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel.
Dup Scout is prone to a buffer overflow when handling an overly long username.
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory.
NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000D where a value passed from a user to the driver is used without validation leading to escalation of privileges. This update add reliability and speed to the attack.