Metasploit Wrap-Up 03/20/2026

♫ I Just Called ♫ To Say ♫ 7f45 4c46 0201 0100 0000 0000 0000 0000 0300 3e00 0100♫ This release contains 2 new exploit modules, 2 enhancements, and 7 bug fixes. Community contributor Chocapikk submitted both exploit modules this release: one targeting AVideo-Encoder’s getImage.php file and anothe...

EUVD-2014-4373

Malware in sbrugna...

Microsoft ACL Shortcomings

Hi @ll, the following is a substantially shortened version of and Windows NT supports access control for almost all its objects, "How Security Descriptors and Access Control Lists Work" and "How Permissions Work" provide a comprehensive and exhaustive explanation. "Access Control Lists" provides ...

Microsoft Windows - NTFS OwnerMandatory Label Privilege Bypass

Microsoft Windows - NTFS OwnerMandatory Label Privilege Bypass / Windows: NTFS Owner/Mandatory Label Privilege Bypass EoP Platform: Windows 10 1709 not tested 8.1 Update 2 or Windows 7 Class: Elevation of Privilege Summary: When creating a new file on an NTFS drive it’s possible to circumvent...

MS17-002: Description of the security update for SharePoint Server 2016: January 10, 2017

MS17-002: Description of the security update for SharePoint Server 2016: January 10, 2017 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, se...

Apple OS X Server Multiple Vulnerabilities (Dec 2016)

Apple OS X Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:apple:osxserver";...

CVE-2014-4446

Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a change made by an administrator...

Design/Logic Flaw

Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a change made by an administrator...

CVE-2014-4446

Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a change made by an administrator...

CVE-2014-4446

CVE-2014-4446 affects Mail Service on Apple OS X Server prior to 4.0. The SACL changes are cached and not enforced until the Mail service restarts, enabling remote authenticated users to bypass access restrictions in opportunistic circumstances. No explicit remediation details are provided in the...

Microsoft Windows - nt!SeObjectCreateSaclAccessBits() Missed ACE Bounds Checks (MS10-047)

Microsoft Windows nt!SeObjectCreateSaclAccessBits missed ACE bounds checks ---------------------------------------------------------------------------- CVE-2010-1890 An ACE is an Access Control Entry, of which many may be attached to an ACL Access Control List. On Windows, an ACL can be of type...

CVE-2010-0534

Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list SACL for weblogs during weblog creation, which allows remote authenticated users to publish content via HTTP requests...

CVE-2010-0534

Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list SACL for weblogs during weblog creation, which allows remote authenticated users to publish content via HTTP requests...