Archive for January, 2018

LabF nfsAxe 3.7 FTP Client Stack Buffer Overflow

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a buffer overflow in the LabF nfsAxe 3.7 FTP Client, allowing remote code execution.

Microsoft Windows NTFS Owner/Mandatory Label Privilege Bypass

Posted by deepcore under exploit (No Respond)

When creating a new file on an NTFS drive, it’s possible to circumvent the security checks for setting an arbitrary owner and mandatory label. A non-admin user can thereby set those parts of the security descriptor to non-standard values, which could enable further attacks resulting in privilege escalation.

Microsoft Windows NtImpersonateAnonymousToken AC To Non-AC Privilege Escalation

Posted by deepcore under exploit (No Respond)

On Microsoft Windows, the check for an AC token when impersonating the anonymous token does not check the impersonation token’s security level, so a non-AC anonymous token can be impersonated, leading to privilege escalation.

Microsoft Windows NtImpersonateAnonymousToken LPAC To Non-LPAC Privilege Escalation

Posted by deepcore under exploit (No Respond)

On Microsoft Windows, when impersonating the anonymous token in an LPAC, the WIN://NOAPPALLPKG security attribute is ignored, so a non-LPAC token can be impersonated, leading to privilege escalation.

Microsoft Windows SMB Server Mount Point Privilege Escalation

Posted by deepcore under exploit (No Respond)

On Microsoft Windows, the SMB server drivers (srv.sys and srv2.sys) do not check the destination of an NTFS mount point when manually handling a reparse operation. An arbitrary device can therefore be opened locally via an SMB client, which can result in privilege escalation.

[dos] Kentico CMS 11.0 – Buffer Overflow

Posted by deepcore under Security (No Respond)

Kentico CMS 11.0 – Buffer Overflow

[webapps] Taxi Booking Script 1.0 – Cross-site Scripting

Posted by deepcore under Security (No Respond)

Taxi Booking Script 1.0 – Cross-site Scripting

[webapps] Xnami 1.0 – Cross-Site Scripting

Posted by deepcore under Security (No Respond)

Xnami 1.0 – Cross-Site Scripting

[dos] PyroBatchFTP < 3.19 – Buffer Overflow

Posted by deepcore under Security (No Respond)

PyroBatchFTP < 3.19 – Buffer Overflow

CPU Speculative Execution Information Leak

Posted by deepcore under exploit (No Respond)

An information leak using speculative execution exists in CPUs by Intel, AMD, and to some extent, ARM.