The POST SMTP Mailer Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover.
This exploit leverages an information disclosure vulnerability in Microsoft WordPad. By using a malicious file, unauthorized access can be obtained, allowing for the theft of NTLM hashes.
Oracle WebLogic Server is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects, leading to remote code execution. This update avoids a very long attack sequence when the first try fails.
An OGNL injection vulnerability in Atlassian Confluence allows unauthenticated remote attackers to execute OS system commands.
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
The Ancillary Function Driver (AFD.sys) present in Microsoft Windows is vulnerable to a double-fetch that causes an integer overflow, which can result in an out-of-bounds memory write to non-paged pool memory. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by calling the WSASendMsg function with crafted parameters.
The vulnerability allows an unauthenticated attacker to register as an administrator and take full control of the website. The problem occurs with the plugin registration form. In this form it's possible to change certain values for the account to be registered. This includes the "wp_capabilities" value, which determines the user's role on the website. This update adds a print in the module output window.
The vulnerability allows an unauthenticated attacker to register as an administrator and take full control of the website. The problem occurs with the plugin registration form. In this form it's possible to change certain values for the account to be registered. This includes the "wp_capabilities" value, which determines the user's role on the website.
The vulnerability is a pointer override that is reached by calling DeviceIoControl within IRP_MJ_DEVICE_CONTROL and called using the IOCTL 0x80002018.
A DLL hijacking issue allows injecting DLLs into some privileged processes that contain an embedded manifest file with the tags level="asInvoker" and uiAccess="true". This allows a user in the administrator group to elevate from Medium to High integrity level.