98 matches found
CVE-2016-3168
The CVE-2016-3168 issue affects Drupal: System module in Drupal 6.x prior to 6.38 and 7.x prior to 7.43 is vulnerable to a reflected file download that can allow remote attackers to hijack the authentication of site administrators when downloading and executing files containing arbitrary JSON-enc...
CVE-2016-3168
The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerability."...
Microsoft Windows XP SP3 (x86) / 2003 SP2 (x86) - 'NDProxy' Local Privilege Escalation (MS14-002)
/ Exploit Title: Windows NDProxy Privilege Escalation MS14-002 Date: 2015-08-03 Exploit Author: Tomislav Paskalev Vulnerable Software: Windows XP SP3 x86 Windows XP SP2 x86-64 Windows 2003 SP2 x86 Windows 2003 SP2 x86-64 Windows 2003 SP2 IA-64 Supported vulnerable software: Windows XP SP3 x86...
Huawei Mate 7 Local Elevation of Privilege Vulnerability
Huawei Mate 7 is a smartphone developed by the domestic company Huawei. A security vulnerability exists on the Huawei Mate 7 TEEOS module that allows local attackers to exploit the vulnerability to elevate privileges...
Microsoft Windows - Local Privilege Escalation (MS15-010)
Microsoft Windows - Local Privilege Escalation MS15-010 // ex.cpp / Windows XP/2K3/VISTA/2K8/7 WMSYSTIMER Kernel EoP CVE-2015-0003 March 2015 Public Release: May 24, 2015 Tested on: x86: Win 7 SP1 | Win 2k3 SP2 | Win XP SP3 x64: Win 2k8 SP1 | Win 2k8 R2 SP1 Author: Skylake - skylake mail com /...
BullGuard (Multiple Products) - Arbitrary Write Privilege Escalation
BullGuard Multiple Products - Arbitrary Write Privilege Escalation / Exploit Title - BullGuard Multiple Products Arbitrary Write Privilege Escalation Date - 04th February 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.bullguard.com/ Tested Version - 14.1.285.4 Driver...
BullGuard (Multiple Products) - Arbitrary Write Privilege Escalation
/ Exploit Title - BullGuard Multiple Products Arbitrary Write Privilege Escalation Date - 04th February 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.bullguard.com/ Tested Version - 14.1.285.4 Driver Version - 1.0.0.6 - BdAgent.sys Tested on OS - 32bit Windows XP SP3...
Symantec Altiris Agent 6.9 (Build 648) - Local Privilege Escalation
Symantec Altiris Agent 6.9 Build 648 - Local Privilege Escalation / Exploit Title - Symantec Altiris Agent Arbitrary Write Privilege Escalation Date - 01st February 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.symantec.com Tested Version - 6.9 Build 648 Driver Version...
Trend Micro Multiple Products 8.0.1133 - Privilege Escalation Exploit
Exploit for windows platform in category local exploits / Exploit Title - Trend Micro Multiple Products Arbitrary Write Privilege Escalation Date - 31st January 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.trendmicro.co.uk/ Tested Version - 8.0.1133 Driver Version -...
Cicada-known Enterprise Portal system v2. 5 sql injection to admin-vulnerability warning-the black bar safety net
The problem is when the user modifies the information of the place /system/module/user/control.php public function edit$account = " if!$ account or RUNMODE == 'front' $account = $this-app-user-account; if$this-app-user-account == 'guest' $this-locateinlink'login'; if! empty$POST...
CVE-2014-4742
Cross-site scripting XSS vulnerability in system/classlink.php in the System module modulesystem in Kajona before 4.5 allows remote attackers to inject arbitrary web script or HTML via the systemid parameter in a mediaFolder action to index.php...
Cross site scripting
Cross-site scripting XSS vulnerability in system/classlink.php in the System module modulesystem in Kajona before 4.5 allows remote attackers to inject arbitrary web script or HTML via the systemid parameter in a mediaFolder action to index.php...
Microsoft Windows - 'afd.sys' Local Kernel (PoC) (MS11-046)
/ MS11-046 Was a Zero day found in the wild , reported to MS by Steven Adair from the Shadowserver Foundation and Chris S . Ronnie Johndas wrote the writeup dissecting a malware with this exploit . I Rahul Sasifb1h2s just made the POC exploit available . Reference: ms8-66, ms6-49 Too lazy to add...
kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN
The devload function in net/core/dev.c in the Linux kernel before 2.6.38 allows local users to bypass an intended CAPSYSMODULE capability requirement and load arbitrary modules by leveraging the CAPNETADMIN capability...
DESlock+ 4.1.10 - vdlptokn.sys Local Kernel Ring0 SYSTEM
DESlock+ 4.1.10 - vdlptokn.sys Local Kernel Ring0 SYSTEM / deslock-vdlptokn.c Copyright c 2009 by DESlock+ include include include define VDLPTOKNIOCTL 0x00222010 define DLKFDISKRIOCTL 0x80002008 define DLKFDISKSLOT 0x00000CF8 define ARGSIZEa a/sizeof void / Win2k3 SP1/2 - kernel EPROCESS token...
ESTsoft ALYac Anti-Virus 1.5 < 5.0.1.2 - Local Privilege Escalation
ESTsoft ALYac Anti-Virus 1.5 with AYDrvNT.sys = 5.0.1.2 Local Kernel Mode Privilege Escalation Vulnerability AUTHOR MJ0011 EMAIL thdecoder$126.com VULNERABLE PRODUCTS ALYac Anti-Virus 1.5 DETAILS: AYDrvNT.sys create a device called "AYDrvNTALYAC" , and handles the device io control code = 0x223e2...
Kingsoft WebShield KAVSafe.sys <= 2010.4.14.609(2010.5.23) Kernel Mode Local Privilege Escalation Vulnerability
Kavsafe.sys create a device called DeviceKAVSafe , and handles DeviceIoControl request IoControlCode = 0x830020d4 , which can overwrite arbitrary kernel module data Kingsoft WebShield = 3.5.1.2 2010.5.23 Signature Date: 2010-5-23 2:33:54 And KAVSafe.sys = 2010.4.14.609 Signature Date:2010-4-14...
CVE-2007-0136
Multiple cross-site scripting XSS vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the 1 filter and 2 system modules. NOTE: some of these details are obtained from third party information...