Archive for January, 2019

WebKit JSC JIT Use-After-Free

Posted by deepcore under exploit (No Responses)

The doesGC function simply takes a node and tells whether it might cause a garbage collection. This function is used to determine whether to insert write barriers. But it is missing some cases, such as StringCharAt, StringCharCodeAt and GetByVal, that might cause a garbage collection via rope strings. As a result, it can lead to […]

Streamworks Job Scheduler Release 7 Authentication Weakness

Posted by deepcore under exploit (No Responses)

Streamworks Job Scheduler Release 7 has all agents using the same X.509 certificates and keys issued by the vendor for authentication. The processing server component does not check received messages properly for authenticity. Agents installed on servers do not check received messages properly for authenticity. Agents and processing servers are vulnerable to the TLS Heartbleed […]

Microsoft Windows RestrictedErrorInfo Unmarshal Section Handle Use-After-Free

Posted by deepcore under exploit (No Responses)

The WinRT RestrictedErrorInfo does not correctly check the validity of a handle to a section object, which results in closing an unrelated handle and can lead to an elevation of privilege.

Microsoft Windows XmlDocument Insecure Sharing Privilege Escalation

Posted by deepcore under exploit (No Responses)

A number of Partial Trust Windows Runtime classes expose the XmlDocument class across process boundaries to less privileged callers, which in its current form can be used to elevate privileges and escape the Edge Content LPAC sandbox.

blueman set_dhcp_handler D-Bus Privilege Escalation

Posted by deepcore under exploit (No Responses)

This Metasploit module attempts to gain root privileges by exploiting a Python code injection vulnerability in blueman versions prior to 2.0.3. The org.blueman.Mechanism.EnableNetwork D-Bus interface exposes the set_dhcp_handler function which uses user input in a call to eval, without sanitization, resulting in arbitrary code execution as root. This module has been tested successfully with blueman […]

Microsoft Windows Net-NTLMv2 Reflection DCOM/RPC Privilege Escalation

Posted by deepcore under exploit (No Responses)

This Metasploit module utilizes the Net-NTLMv2 reflection between DCOM/RPC to achieve a SYSTEM handle for elevation of privilege. It requires a CLSID string.

Coship Wireless Router Unauthenticated Admin Password Reset

Posted by deepcore under exploit (No Responses)

Coship Wireless Router versions 4.0.0.48, 4.0.0.40, 5.0.0.54, 5.0.0.55, and 10.0.0.49 suffer from an unauthenticated admin password reset vulnerability.

FortiGate FortiOS LDAP Credential Disclosure

Posted by deepcore under exploit (No Responses)

FortiGate FortiOS versions prior to 6.0.3 suffer from an LDAP credential disclosure vulnerability.

Roxy Fileman 1.4.5 Arbitrary File Download

Posted by deepcore under exploit (No Responses)

Roxy Fileman version 1.4.5 suffers from an arbitrary file download vulnerability.

GL-AR300M-Lite 2.2.7 Command Injection / Directory Traversal

Posted by deepcore under exploit (No Responses)

GL-AR300M-Lite version 2.27 suffers from command injection, file download, and directory traversal vulnerabilities.