37 matches found
fox-foxone-exploit
markdown FoxFOXONE Driver Exploit Local privilege escalat...
Exploit for CVE-2026-0828
CVE-2026-0828 — Safetica ProcessMonitorDriver.sys BYOVD PoC S...
MS16-032-Cobalt-Strike-LPE-BOF
MS16-032 Beacon Object File BOF A Cobalt Strike Beacon Obje...
Exploit for CVE-2026-29923
CVE-2026-29923 — pstrip64.sys Local Privilege Escalation A mi...
CVE-2026-4858
Mattermost CVE-2026-4858 affects versions 11.6.x, 11.5.x, 11.4.x and 10.11.x where the integration action URL does not properly validate path traversal. This allows a malicious authenticated user to call an arbitrary API using the system admin Mattermost token by exploiting the path traversal in ...
Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL
Summary: The Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled serverURL when the user omits the token parameter. A tenant with TaskRun or PipelineRun create permission can exfiltrate the shared API token (GitHub PAT, GitLab token, etc.) by...
CVE-2026-40161
Summary: Tekton Pipelines before 1.10.0, specifically the git resolver in API mode, can exfiltrate system-configured Git tokens when the token parameter is omitted. Affected software: Tekton Pipelines git resolver (API mode), versions 1.0.0–1.10.0. Vulnerability details: In API mode, the resolver...
CVE-2026-34990 OpenPrinting CUPS: Local print admin token disclosure using temporary printers
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That...
CVE-2025-63691
In pig-mesh Pig version 3.8.2 and below, within the Token Management function under the System Management module, the token query interface /api/admin/sys-token/page has an improper permission verification issue, which leads to information leakage. This interface can be called by any user who...
EUVD-2024-16988
Malicious code in bioql PyPI...
CVE-2024-1221
This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token. This CVE only affects Linux and macOS PaperCut NG/MF...
PT-2024-17486 · Papercut · Papercut Ng/Mf
Name of the Vulnerable Software and Affected Versions: PaperCut NG/MF (affected versions not specified). Description: This issue potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some...
openSUSE: Security Advisory for rmt (SUSE-SU-2023:0019-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
openSUSE: Security Advisory for rmt (SUSE-SU-2023:0020-1)
The remote host is missing an update for the...
Windows Common Log File System Driver (clfs.sys) Elevation of Privilege Vulnerability
A privilege escalation vulnerability exists in the clfs.sys driver which comes installed by default on Windows 10 21H2, Windows 11 21H2 and Windows Server 20348 operating systems. The clfs.sys driver contains a function CreateLogFile that is used to create, open and edit '.blf' base log format...
Windows Common Log File System Driver (clfs.sys) Privilege Escalation Exploit
A privilege escalation vulnerability exists in the clfs.sys driver which comes installed by default on Windows 10 21H2, Windows 11 21H2 and Windows Server 20348 operating systems. This Metasploit exploit module makes use of two different kinds of specially crafted .blf files. This module requires...
The vulnerability of the var sys_Token component in the wireless access point software of D-Link DAP-2020 and DAP-1360 allows a hacker to execute arbitrary code.
The vulnerability of the var sysToken component in the D-Link DAP-2020 and DAP-1360 wireless access points is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
Exploit for Out-of-bounds Write in Microsoft
CVE-2022-37969 Windows Local Privilege Escalation PoC authors...
SUSE-SU-2023:0023-1 Security update for rmt-server
This update for rmt-server fixes the following issues: Update to version 2.10: - Add option to turn off system token support bsc1205089 - Update the lastseenat column on zypper service refresh - Do not retry to import non-existing files in air-gapped mode bsc1204769 - CVE-2022-31254: Fixed a loca...