Use-after-free vulnerability in the telephony service can lead to a Local Privilege Escalation in TapiSrv.
An elevation of privilege vulnerability exists due to the MS KS WOW Thunk kernel module allow accessing memory out of bounds. The vulnerability could allow an attacker to run code with elevated privileges.
In GeoServer prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to all GeoServer instances. In order to exploit this vulnerability, this module sends an evil XPath expression that after being processed by the commons-jxpath library allows us to deploy an agent.
This update adds support for domain users, improved user group validation, agent stability, and improved module output messages.
This exploit uses a technique called LNK stomping that allows specially crafted LNK files with non-standard target paths or internal structures to cause the file to be opened while bypassing Smart App Control and the Mark of the Web security warnings.
Veeam Backup and Replication deserialization of System.Runtime.Remoting.ObjRef .NET class type allows unauthenticated remote attackers to execute system commands in the context of the NT AUTHORITY\SYSTEM user.
This exploit leverages an information disclosure vulnerability in Microsoft Outlook. By using an image tag, unauthorized access can be obtained, allowing for the theft of NTLM hashes.
A directory traversal Vulnerability in the WhatsUp.ExportUtilities.Export.GetFileWithoutZip method of Progress WhatsUp Gold allows unauthenticated remote attackers to write arbitrary files in the system leading to execute system commands in the context of the IIS APPPOOL\NmConsole user.
The Windows NT operating system kernel executable (ntoskrnl.exe) present in Microsoft Windows is vulnerable to a race condition, which can result in arbitrary memory write. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges.
The vulnerability exists due to a boundary error within the Windows DWMCORE library. A local user can trigger a heap-based buffer overflow and execute arbitrary code with the DWM user with Integrity System privileges.