There are a number of problems with the security model of 1Password that result in the local security model being disabled, as well as a number of security, sandboxing and virtualization features.
txtforum version 1.0.4 remote command execution exploit.
phpWebAdmin version 1.0 suffers from a remote SQL injection vulnerability.
A specially crafted web-page can cause MSIE 11 to interrupt the handling of one readystatechange event with another. This interrupts a call to one of the various CElement::Notify functions to make another such call and at least one of these functions is non-reentrant. This can have various repercussions, e.g. when an attacker triggers this vulnerability […]
CMS EditMe suffers from a cross site request forgery vulnerability that allows for privilege escalation.
Reason Core Security version 1.1.2 suffers from an unquoted service path privilege escalation vulnerability.
Dolphin versions 7.3.2 and below suffer from authentication bypass and remote command execution vulnerabilities.
Linux kernel versions 4.4 and above where CONFIG_BPF_SYSCALL is enabled and the kernel.unprivileged_bpf_disabled sysctl is not set to 1 allow for BPF to be abused for privilege escalation. Ubuntu 16.04 has all of these conditions met.
This Metasploit module exploits a stack buffer overflow in Disk Pulse Enterprise 9.0.34. If a malicious user sends a malicious HTTP login request, it is possible to execute a payload that would run under the Windows NT AUTHORITY\SYSTEM account. Due to size constraints, this module uses the Egghunter technique.
http://www.rahul.pbn3.go.th/sa/dss.php notified by LogView7
Tags:
defacement