Archive for November, 2017

phpMyFAQ 2.9.9 Code Injection

Posted by deepcore under exploit (No Respond)

phpMyFAQ version 2.9.9 suffers from an issue where an administrative account can execute arbitrary code on the server by modifying LANG_CONF[main.metaDescription].

Dell Active Roles 7.x Unquoted Service Path Privilege Escalation

Posted by deepcore under exploit (No Respond)

Dell Active Roles versions 7.1, 7.0.4, 7.0.3, 7.0.2, and 7.0 suffer from an unquoted service path privilege escalation vulnerability.

D-Link DCS-936L Cross Site Request Forgery

Posted by deepcore under exploit (No Respond)

D-Link DCS-936L suffers from a cross site request forgery vulnerability.

Progress Sitefinity 10.0 / 10.1 Broken Access Control / LINQ Injection

Posted by deepcore under exploit (No Respond)

Progress Sitefinity versions 10.0 and 10.1 suffer from broken access control and LINQ injection vulnerabilities.

VXSearch 10.2.14 Local SEH Overflow

Posted by deepcore under exploit (No Respond)

VXSearch version 10.2.14 local SEH buffer overflow exploit that binds a shell to port 1337.

Google Chrome Universal Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Google Chrome versions prior to 62 universal cross site scripting proof of concept exploit.

[papers] [Hebrew] Digital Whisper Security Magazine #88

Posted by deepcore under Security (No Respond)

[Hebrew] Digital Whisper Security Magazine #88

Anti-Virus Privileged File Write

Posted by deepcore under exploit (No Respond)

Anti-Virus solutions are split into several different components (an unprivileged user mode part, a privileged user mode part and a kernel component). Logically the different systems talk to each other. By abusing NTFS directory junctions it is possible from the unprivileged user mode part (“the UI”) to restore files from the virus quarantine with the […]

Vivotek IP Cameras Remote Stack Overflow

Posted by deepcore under exploit (No Respond)

Many Vivotek IP cameras suffer from a remote stack overflow vulnerability. Device models include CC8160, CC8370, CC8371, CD8371, FD8166A, FD8166A, FD8166A-N, FD8167A, FD8167A, FD8167AS, FD8167AS, FD8169A, FD8169A, FD8169A, FD8169AS, FD8169AS, FD816B, FD816B, FD816BA, FD816BA, FD816C, FD816C, FD816CA, FD816CA, FD816D, FD8177, FD8179, FD8182, FD8182, FD8182-F1, FD8365A_v2, FD8367A, FD8367A, FD8369A, FD8369A, FD836B, FD836BA, FD836D, FD8377, FD8379, FD8382, […]

Microsoft Windows WLDP/Scriptlet CLSID UMCI Bypass

Posted by deepcore under exploit (No Respond)

The enlightened lockdown policy check for COM Class instantiation can be bypassed in Scriptlet hosts, leading to arbitrary code execution on a system with UMCI enabled (e.g. Device Guard).