KLA11852 Security UI vulnerability in Microsoft Products (ESU)

A spoofing vulnerability was found in Microsoft Products Extended Support Update. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2017-13080 Related products Microsoft-Windows Microsoft-Windows-Server Microsoft-Windows-Server-2012 Microsoft-Windows-...

GLSA-201710-16 : Shadow: Buffer overflow

The remote host is affected by the vulnerability described in GLSA-201710-16 Shadow: Buffer overflow Malformed input in the newusers tool may produce crashes and other unspecified behaviors. Impact : A remote attacker could possibly cause a Denial of Service condition or bypass privilege boundari...

LNK Code Execution Vulnerability

This module exploits a vulnerability in the handling of Windows Shortcut files .LNK that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 CVE-2015-0096. The created LNK file is similar except an additional SpecialFolderDataBlock is included. The...

The vulnerability of the Vesta Control Panel server’s control panel lies in the lack of checking for the presence of a user session. This allows attackers to perform various manipulations on files and directories located on the server.

The vulnerability of the Vesta Control Panel’s control panel lies in the lack of checking for the presence of a user session in the files.php file web/file-manager/, which is responsible for the operation of the control panel’s file manager. Exploiting this vulnerability allows an attacker to...

The vulnerability of the Screensavercc component in the eLux RP operating system allows a hacker to execute arbitrary commands with root privileges.

The vulnerability of the Screensavercc component in the eLux RP operating system is related to the lack of measures to protect input data. Exploiting this vulnerability allows a malicious actor to bypass configuration restrictions and execute arbitrary commands with root privileges by inserting...

Cross-site Scripting (XSS)

craftcms/cms is vulnerable to cross-site scripting XSS attacks. The library does not properly encode HTML in the control panel, allowing a malicious user to inject and execute arbitrary webscript...

Cross-Site Scripting (XSS)

craftcms/cms is vulnerable to cross-site scripting XSS attacks. The library does not properly handle strings in the control panel, allowing a malicious user to inject and execute arbitrary web script...

Buffer overflow

In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes with a buffer overflow or other memory corruption or other unspecified behaviors. This crosses a privilege boundary in, for example,...

DEBIAN-CVE-2017-12424

In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes with a buffer overflow or other memory corruption or other unspecified behaviors. This crosses a privilege boundary in, for example,...

CVE-2017-12424

In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes with a buffer overflow or other memory corruption or other unspecified behaviors. This crosses a privilege boundary in, for example,...

CVE-2017-12424

In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes with a buffer overflow or other memory corruption or other unspecified behaviors. This crosses a privilege boundary in, for example,...

LNK Code Execution Vulnerability

This module exploits a vulnerability in the handling of Windows Shortcut files .LNK that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 CVE-2015-0096. The created LNK file is similar except an additional SpecialFolderDataBlock is included. The...

Microsoft Windows LNK Shortcut File Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LNK Remote Code Execution Vulnerability', 'Description' = %q This module exploits a vulnerability in the handling of Windows Shortcut files .LNK...

Microsoft Windows - .LNK Shortcut File Code Execution (Metasploit)

Microsoft Windows - .LNK Shortcut File Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LNK Remote Code Execution Vulnerability', 'Description' = %q This module exploits...

Microsoft Windows - '.LNK' Shortcut File Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LNK Remote Code Execution Vulnerability', 'Description' = %q This module exploits a vulnerability in the handling of Windows Shortcut files .LNK...

Design/Logic Flaw

The Screensavercc component in eLux RP before 5.5.0 allows attackers to bypass intended configuration restrictions and execute arbitrary commands with root privileges by inserting commands in a local configuration dialog in the control panel...

CyberArk Viewfinity 5.5.10.95 - Local Privilege Escalation

CyberArk Viewfinity 5.5.10.95 - Local Privilege Escalation Exploit Title: Privilege Escalation via CyberArk Viewfinity 8. This will spawn a new CMD prompt. Verify you are now Admin...

CyberArk Viewfinity 5.5.10.95 - Local Privilege Escalation

Exploit Title: Privilege Escalation via CyberArk Viewfinity 8. This will spawn a new CMD prompt. Verify you are now Administrator by typing in "net sess...

XAMPP v5.6.30 Local Buffer Overflow Exploit

XAMPP v5.6.30 Local Buffer Overflow Exploit Usage Info 1- Run Xampp Control Panel xampp-control.exe 2- Click Config Editor 3- Select A Name With 257 Character Or up to 257 characters 4- Click Save 5- If You Click The Each Button The Softwar Will Crash Title : XAMPP v5.6.30 Local Buffer Overflow...

CVE-2017-8899

Invision Power Services IPS Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The...