NewType FlowMaster BPM Plus 安全漏洞

NewType FlowMaster BPM Plus is a business process management system from NewType, a Chinese company. A security vulnerability exists in NewType FlowMaster BPM Plus that stems from an elevation-of-privilege vulnerability that could allow a remote attacker with regular privileges to elevate their...

in bigprof-software/online-rental-property-manager

💥 BUG privilege escalation bug to add employmentandincomehistory to a applicant . 💥 IMPACT unprivileged user can add employmentandincomehistory to a applicant 💥 STEP TO REPRODUCE 1. From admin account goto http://localhost/online-rental/app/admin/pageViewMembers.php and add new user called user-B...

VulnCheck KEV: CVE-2019-0880

A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity...

SUSE SLES11 Security Update : glibc (SUSE-SU-2018:0075-1)

This update for glibc fixes the following issues : - A privilege escalation bug in the realpath function has been fixed. CVE-2018-1000001, bsc1074293 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to...

SUSE-SU-2018:0076-1 Security update for glibc

This update for glibc fixes the following issues: - A privilege escalation bug in the realpath function has been fixed. CVE-2018-1000001, bsc1074293 - A buffer manipulation vulnerability in nscd has been fixed that could possibly have lead to an nscd daemon crash or code execution as the user...

Firefox PDF.js Privileged Javascript Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Firefox PDF.js Privileged Javascript Injection', 'Description' = %q This module gains remote code execution on Firefox 35-36 by...

July 2013 Microsoft Patch Tuesday Security Updates

A critical Windows kernel vulnerability, publicly disclosed in May by a Google security engineer, will be patched tomorrow when Microsoft releases its July Patch Tuesday security updates. Tavis Ormandy, who has controversially disclosed Windows vulnerability details in the past, made a posting to...

Linux Kernel 2.6.32 < 3.x (CentOS 5/6) - 'PERF_EVENTS' Local Privilege Escalation (1)

/ linux 2.6.37-3.x.x x8664, 100 LOC gcc-4.6 -O2 semtex.c && ./a.out 2010 [email protected], salut! update may 2013: seems like centos 2.6.32 backported the perf bug, lol. jewgold to 115T6jzGrVMgQ2Nt1Wnua7Ch1EuL9WXT2g if you insist. EDB Note: Update...