The Cloud Files Mini Filter Driver (cldflt.sys) present in Microsoft Windows is vulnerable to a buffer overflow, which can result in an out-of-bounds write to paged pool memory. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges.
This exploit leverages an information disclosure vulnerability in Microsoft Outlook. By using a crafted path, unauthorized access can be obtained, allowing for the theft of NTLM hashes.
This update adds support for unauthenticated SMTP servers.
Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.
An identified vulnerability in ScreenConnect allows attackers to bypass string comparison in the request path and access the setup wizard ("/SetupWizard.aspx") on configured instances. Exploiting this vulnerability enables an attacker to create an administrative user and upload a malicious ScreenConnect extension, potentially leading to remote code execution (RCE) on the server.
An authentication bypass vulnerability in JetBrains TeamCity allows unauthenticated remote attackers to execute OS commands.
The POST SMTP Mailer Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover. This update adds support for Linux and improves documentation.
Microsoft Windows Internet Shortcut is prone to a vulnerability that may allow remote attackers to bypass the SmartScreen security feature.
This module exploits the SmartScreen security feature to execute arbitrary code on affected installations of Microsoft Windows.
This vulnerability in Jenkins allows unauthenticated attackers to read arbitrary files in the Jenkins controller's file system. It arises from a function in the CLI command parser that replaces an '@' character followed by a file path with the file's content. By exploiting this vulnerability, attackers can gain unauthorized access to sensitive files and compromise the system's integrity.
This exploit leverages an information disclosure vulnerability in Microsoft Outlook. By using a crafted path, unauthorized access can be obtained, allowing for the theft of NTLM hashes.
A denial of service vulnerability exists in Event Logging Service when an authenticated attacker connects to the target system and sends specially crafted requests.