Microsoft Error Reporting Local Privilege Elevation Exploit

This Metasploit module takes advantage of a bug in the way Windows error reporting opens the report parser. If you open a report, Windows uses a relative path to locate the rendering program. By creating a specific alternate directory structure, we can coerce Windows into opening an arbitrary...

Jenkins 1.650 - Java Deserialization

Jenkins 1.650 - Java Deserialization import random import string from decimal import Decimal import requests from requests.exceptions import RequestException Exploit Title: Jenkins CVE-2016-0792 Deserialization Remote Exploit Google Dork: intitle: "Dashboard Jenkins" + "Manage Jenkins" Date:...

Mozilla Fast-Tracks Fix For Critical Firefox Flaw

Mozilla has fast-tracked a patch for a critical vulnerability affecting its flagship Firefox browser. The patch, which was originally slated for release on March 30, fixes a vulnerability that could allow remote code execution attacks. The flaw was originally released into the VulnDisco exploit...

PHPBB 2.0.20 persistent issues with avatars

PHPBB 2.0.20 multiple issues with avatars some problems persistently lie in the way it handles remote and uploaded avatars: a remote user can: 1 saturate the server with unuseful files, 'cause phpbb do not delete the previous one when you upload a new avatar 2 use PhpBB installations to launch...