This module leverages on a race condition in the Windows kernel using symbolic links to crash the system.
This update adds the CVE number
This update adds the CVE number
An OGNL injection vulnerability in Confluence Server and Data Center allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
The Canon TR150 print driver is vulnerable to a privilege escalation issue. During the add printer process an attacker can overwrite a DLL and, if timed properly, the overwritten DLL will be loaded into a SYSTEM process resulting in escalation of privileges.
A combination of a path confusion that leads to an authentication bypass (ACL), an elevation of privilege and an arbitrary file write vulnerability, allows unauthenticated attackers to execute commands with SYSTEM privileges in Microsoft Exchange Server.
CVE-2021-40449 is a use-after-free vulnerability in Win32k's NtGdiResetDC function. As with many other Win32k vulnerabilities, the root cause of this vulnerability lies in the ability to set user-mode callbacks and execute unexpected API functions during execution of those callbacks. The CVE-2021-40449 is triggered when the function ResetDC is executed a second time for the same handle during execution of its own callback.
This is a critical vulnerability in the MSHTML rendering engine. Microsoft Office applications use the MSHTML engine to process and display web content. An adversary who successfully exploits could achieve full control over a target system by using malicious ActiveX controls to execute arbitrary code.
This Update contains the following improvements:
-Default Connection method was changed to HTTPS
-Early Release Warning was removed
-Several "Application Name" in "Supported systems" property were added
-Added html obfuscation when possible to avoid AV detection
-All file names are randomized
-Now users can choose between using cab file method or not
This Update contains the following improvements:
-Default Connection method was changed to HTTPS
-Early Release Warning was removed
-Several "Application Name" in "Supported systems" property were added
-Added html obfuscation when possible to avoid AV detection
-All file names are randomized
-Now users can choose between using cab file method or not
This module leverages on a race condition in the Windows kernel using symbolic links to crash the system.
This is a critical vulnerability in the MSHTML rendering engine. Microsoft Office applications use the MSHTML engine to process and display web content. An adversary who successfully exploits could achieve full control over a target system by using malicious ActiveX controls to execute arbitrary code.
This module exploits MODAPI.sys in MSI Dragon Center 2.0.104.0 which allows low-privileged users to write an arbitrary value to a Model-Specific Register (MSR) at the specified address.
The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of their choosing during the add printer process, resulting in escalation of privileges to SYSTEM.