This update improves the module to bypass UAC by adding support for Windows 10.
RESTful Web Services Module does not properly sanitize data from non-form sources. A vulnerability in this approach allows an unauthenticated attacker to send specially crafted requests resulting in arbitrary PHP execution.
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated local attacker, to execute arbitrary commands with SYSTEM user privileges.
This module exploits a vulnerability in snapd which incorrectly validates and parses the remote socket address when performing access controls on its UNIX socket.
A local attacker could use this to access privileged socket APIs and obtain administrator privileges.
This update adds support for more platforms.
A local attacker could use this to access privileged socket APIs and obtain administrator privileges.
This update adds support for more platforms.
Dokan redistributable are vulnerable to a buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability.
This module exploits a vulnerability in snapd which incorrectly validates and parses the remote socket address when performing access controls on its UNIX socket.
A local attacker could use this to access privileged socket APIs and obtain administrator privileges.
A local attacker could use this to access privileged socket APIs and obtain administrator privileges.
This update adds an exploit which implements the Rotten Potato technique to perform a Local Privilege Escalation.
It leverages on local DCOM DCE/RPC connections that can be reflected back to a listening TCP socket allowing access to an NTLM authentication challenge for LocalSystem user which can be replayed to the local DCOM activation service. An attacker who successfully exploited this vulnerability could bypass security and gain elevated privileges on a targeted system.
It leverages on local DCOM DCE/RPC connections that can be reflected back to a listening TCP socket allowing access to an NTLM authentication challenge for LocalSystem user which can be replayed to the local DCOM activation service. An attacker who successfully exploited this vulnerability could bypass security and gain elevated privileges on a targeted system.
Oracle Database Server is prone to a remote vulnerability that allows attackers to poison the data handled by the remote 'TNS Listener' component of the application.
This module tries to verify if the vulnerability is present in the 'TNS Listener' component of the database server, without deploying an agent.
This module tries to verify if the vulnerability is present in the 'TNS Listener' component of the database server, without deploying an agent.
Advantech WebAccess SCADA lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer overflow and executes remote code.
The specific flaw exists within the parsing of CSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer.