Lucene search

132 matches found

CNVD
added 2021/11/12 12:0 a.m., 10 views

Zoho ManageEngine ADAudit Plus Arbitrary File Write Vulnerability

Zoho ManageEngine ADAudit Plus is a web-based Active Directory change auditing and reporting solution. An arbitrary file write vulnerability exists in Zoho ManageEngine ADAudit Plus versions prior to 7006, which can be exploited by an attacker to write and execute arbitrary files on the system...

9.8 CVSS, 7.1 AI score, 0.82671 EPSS
Exploits 3, References 1

CNVD
added 2021/06/29 12:0 a.m., 5 views

Weidmueller Industrial WLAN devices OS Command Injection Vulnerability

Weidmueller Industrial WLAN devices is an industrial WLAN from Weidmueller, Germany. The Weidmueller Industrial WLAN devices suffer from an operating system command injection vulnerability that can be exploited by an attacker via a specially crafted diagnostic script filename to cause user input ...

9 CVSS, 7.5 AI score, 0.05647 EPSS
Exploits 0, References 1

CNVD
added 2021/06/09 12:0 a.m., 4 views

Unspecified vulnerability in calipso

Calipso is a simple NodeJS content management system. Built on themes similar to Drupal and Wordpress, it is designed to be fast, flexible and simple. calipso has a security vulnerability that can be exploited by an attacker to overwrite files on any file system...

7.3 CVSS, 6.8 AI score, 0.00088 EPSS
Exploits 1, References 1

ATTACKERKB
added 2021/03/11 12:0 a.m., 154 views

CVE-2021-27077

Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-26863, CVE-2021-26875, CVE-2021-26900. Recent assessments: gwillcox-r7 at March 11, 2021 6:25pm UTC reported: Interesting, so this was a bug within win32kfull.sys!BLTRECORD::bRotate originally disclosed by ZDI...

7.8 CVSS, 0.5 AI score, 0.06603 EPSS
Exploits 1, References 14

Microsoft CVE
added 2020/08/11 7:0 a.m., 20 views

DirectX Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with...

7.8 CVSS, 2.8 AI score, 0.00372 EPSS
Exploits 0

Microsoft CVE
added 2020/02/11 8:0 a.m., 31 views

DirectX Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with...

7.8 CVSS, 2.8 AI score, 0.00538 EPSS
Exploits 0

CVE
added 2020/01/08 9:22 p.m., 203 views

CVE-2019-17009

CVE-2019-17009 affects Mozilla Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox

7.8 CVSS, 7.2 AI score, 0.00136 EPSS
Exploits 0, References 6, Affected Software 3

Microsoft CVE
added 2019/08/13 7:0 a.m., 38 views

DirectX Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with...

7.2 CVSS, 2.8 AI score, 0.00213 EPSS
Exploits 0

OSV
added 2019/06/12 2:29 p.m., 1 views

CVE-2019-1017

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data;...

7 CVSS, 7.3 AI score, 0.00189 EPSS
Exploits 0, References 2

Microsoft CVE
added 2019/06/11 7:0 a.m., 27 views

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data;...

7.8 CVSS, 2.9 AI score, 0.00189 EPSS
Exploits 0

Microsoft CVE
added 2018/11/13 8:0 a.m., 24 views

DirectX Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with...

7.8 CVSS, 2.8 AI score, 0.00434 EPSS
Exploits 0

n0where
added 2018/03/29 2:54 p.m., 73 views

PowerShell Runspace Post Exploitation Toolkit: p0wnedShell

p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs PowerShell commands and functions within a PowerShell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of Post...

0.2 AI score
Exploits 0, References 3

0day.today
added 2018/03/03 12:0 a.m., 47 views

Sony Playstation 4 (PS4) - NamedObj Kernel Exploit Overview Vulnerability

Exploit for hardware platform in category dos / poc. Introduction: So fail0verflow released a writeup today on the namedobj exploit. I and a few others have had this exploit for some time but did not release as we received help indirectly from f0f, so it was not entirely ours to release. Now that i...

7 AI score
Exploits 0

exploitpack
added 2017/12/06 12:0 a.m., 26 views

Apple macOS 10.13.1 (High Sierra) - Insecure Cron System Local Privilege Escalation

Apple macOS 10.13.1 High Sierra - Insecure Cron System Local Privilege Escalation. Recently I was working on a security issue in some other software that has yet to be disclosed, which created a rather interesting condition. As a non-root user I was able to write to any file on the system that was...

0.9 AI score
Exploits 0

Exploit DB
added 2017/12/06 12:0 a.m., 34 views

Apple macOS 10.13.1 (High Sierra) - Insecure Cron System Local Privilege Escalation

Recently I was working on a security issue in some other software that has yet to be disclosed, which created a rather interesting condition. As a non-root user I was able to write to any file on the system that was not SIP-protected, but the resulting file would not be root-owned, even if it...

7.4 AI score
Exploits 0

seebug.org
added 2017/08/03 12:0 a.m., 12 views

Preferred Guest 365 site classification navigation system: SQL injection vulnerability via HTTP_REFERER

No description provided by source...

7.1 AI score
Exploits 0

seebug.org
added 2016/09/07 12:0 a.m., 22 views

UF FE /admin/systemXml/system-bean.xml information disclosure vulnerability

No description provided by source...

7.1 AI score
Exploits 0

seebug.org
added 2016/04/01 12:0 a.m., 44 views

Huiwen library bibliographic retrieval system: unauthorized access

No description provided by source...

7.1 AI score
Exploits 0

The Hacker News
added 2015/10/23 11:25 p.m., 15 views

Hackers Find A Way To Disable Car Airbags System

Car hacking is a hot topic today. Many automobile companies now offer vehicles that run on a mostly drive-by-wire system, which means that a majority of a car's functions are electronically controlled, from instrument cluster to steering, brakes, and accelerator. No doubt these...

6.7 AI score
Exploits 0

seebug.org
added 2015/07/06 12:0 a.m., 41 views

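Yonyou: common design-flaw vulnerability across multiple systems (ships with saved credentials)

Brief description: Detailed description: Default password. In fact there is no need to enter a password at all; the account and password are saved automatically, and clicking confirm logs you in. This leads to source code disclosure, and the source can be debugged. Many Yonyou systems ship with this system; for details see WooYun: "A common vulnerability in multiple Yonyou systems leads to interface information disclosure, causing information leaks from multiple databases (involving several large vendors)". The inspiration then came from that. http://gpms.foton.com.cn/uapws/ http://erp.suning.com.cn/uapws/ http://fm2.cscec.com/uapws/ http://bap.ufida.com/uapws/ http://61.178.99.236:9002/uapws/...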

7.1 AI score
Exploits 0