Oracle PeopleSoft ToolsRelease version 8.55.03, ToolsReleaseDB version 8.55, and HCM version 9.2 suffer from a server-side request forgery vulnerability.
Microsoft Windows suffers from a ManagementObject arbitrary .NET serialization remote code execution vulnerability.
Microsoft Windows suffers from a runtime broker ClipboardBroker privilege escalation vulnerability.
VirtualBox suffers from a guest-to-host local privilege escalation vulnerability via broken length handling in slirp copy.
VirtualBox suffers from an unprivileged host user to host kernel privilege escalation vulnerability via environment and ioctl.
This Metasploit module exploits two vulnerabilities the Trend Micro Threat Discovery Appliance. The first is an authentication bypass vulnerability via a file delete in logoff.cgi which resets the admin password back to ‘admin’ upon a reboot (CVE-2016-7552). The second is a cmd injection flaw using the timezone parameter in the admin_sys_time.cgi interface (CVE-2016-7547).
Microsoft Windows suffers from an IEETWCollector arbitrary directory / file deletion privilege escalation vulnerability.
WebKit suffers from a universal cross site scripting vulnerability in operationSpreadGeneric.
VirtualBox suffers from an unprivileged host user to host kernel privilege escalation via ALSA config.
Microsoft RTF CVE-2017-0199 proof of concept exploit.