This Metasploit module attempts to gain root privileges on RHEL systems with a vulnerable version of Automatic Bug Reporting Tool (ABRT) configured as the crash handler. sosreport uses an insecure temporary directory, allowing local users to write to arbitrary files (CVE-2015-5287). This module has been tested successfully on abrt 2.1.11-12.el7 on RHEL 7.0 x86_64 and […]
vBulletin version 5.x pre-authentication remote code execution zero day exploit.
SpotIE Internet Explorer Password Recovery 2.9.5 – ‘Key’ Denial of Service
Tags: 0day, remote exploitMicrosoft SharePoint 2013 SP1 – ‘DestinationFolder’ Persistant Cross-Site Scripting
Tags: 0day, remote exploithttp://www.muang-bua.go.th/html/ notified by KURD ELECTRONIC TEAM
Tags: defacementGila CMS versions prior to 1.11.1 suffer from a local file inclusion vulnerability.
HPE Intelligent Management Center versions prior to 7.3 E0506P09 suffer from an information disclosure vulnerability.
Piwigo versions 2.9.5 and below suffer from cross site scripting, command execution, and remote SQL injection vulnerabilities.
The RDP termdd.sys driver improperly handles binds to internal-only channel MS_T120, allowing a malformed Disconnect Provider Indication message to cause a use-after-free. With a controllable data/size remote nonpaged pool spray, an indirect call gadget of the freed channel is used to achieve arbitrary code execution.