Microsoft Windows allows for the automatic loading of a profiling COM object during the launch of a CLR process based on certain environment variables ostensibly to monitor execution. In this…
>> ARCHIVE: 2019-11
Xorg X11 Server – Local Privilege Escalation (Metasploit)
Pulse Secure VPN – Arbitrary Command Execution (Metasploit)
Bludit – Directory Traversal Image File Upload (Metasploit)
FreeSWITCH – Event Socket Command Execution (Metasploit)
FusionPBX – Operator Panel exec.php Command Execution (Metasploit)
Windows – Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
Windows – Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
iOS 12.4 – Sandbox Escape due to Integer Overflow in mediaserverd
Ubuntu 19.10 – Refcount Underflow and Type Confusion in shiftfs