The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to version 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The attack consists in sending a specially crafted IPC request to the TCP port 62522 on the loopback device, which is […]
ASUS Aura Sync version 1.07.71 ene.sys privilege escalation kernel exploit.
This is a proof of concept exploit that takes advantage of a privilege escalation vulnerability in the Windows Print Spooler.
FHEM version 6.0 suffers from a local file inclusion vulnerability.
This Metasploit module exploits a cross site request forgery vulnerability in Online Student Enrollment System version 1.0 to perform a shell upload.
iOS and macOS suffered from a wifi proximity kernel double-free vulnerability in AWDL BSS Steering.
This Metasploit module exploits a Java deserialization vulnerability in the Inductive Automation Ignition SCADA product, versions 8.0.0 to (and including) 8.0.7. This exploit was tested on versions 8.0.0 and 8.0.7 on both Linux and Windows. The default configuration is exploitable by an unauthenticated attacker, which can achieve remote code execution as SYSTEM on a Windows […]