Dropping Files on a Domain Controller Using CVE-2021-43893

On December 14, 2021, during the Log4Shell chaos, Microsoft published CVE-2021-43893, a remote privilege escalation vulnerability affecting the Windows Encrypted File System EFS. The vulnerability was credited to James Forshaw of Google Project Zero, but perhaps owing to the Log4Shell atmosphere,...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the 1 S44, 2 S5, 3 Sactionfail, 4 Sptnupdate, 5 T113, 6 T114, 7 T115, 8 T117117, 9 T118, 10 Tactionfail, 11 Tptnupdate, 12...