The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to version 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The attack consists in sending a specially crafted IPC request to the TCP port 62522 on the loopback device, which is […]
ASUS Aura Sync 1.07.71 Privilege Escalation
ASUS Aura Sync version 1.07.71 ene.sys privilege escalation kernel exploit.
Windows Print Spooler Privilege Escalation
This is a proof of concept exploit that takes advantage of a privilege escalation vulnerability in the Windows Print Spooler.
FHEM 6.0 Local File Inclusion
FHEM version 6.0 suffers from a local file inclusion vulnerability.
Online Student Enrollment System 1.0 Shell Upload
This Metasploit module exploits a cross site request forgery vulnerability in Online Student Enrollment System version 1.0 to perform a shell upload.
iOS / macOS Wifi Proximity Kernel Double-Free
iOS and macOS suffered from a wifi proximity kernel double-free vulnerability in AWDL BSS Steering.
Inductive Automation Ignition Remote Code Execution
This Metasploit module exploits a Java deserialization vulnerability in the Inductive Automation Ignition SCADA product, versions 8.0.0 to (and including) 8.0.7. This exploit was tested on versions 8.0.0 and 8.0.7 on both Linux and Windows. The default configuration is exploitable by an unauthenticated attacker, which can achieve remote code execution as SYSTEM on a Windows […]
[local] KiteService 1.2020.618.0 – Unquoted Service Path
KiteService 1.2020.618.0 – Unquoted Service Path
[webapps] OpenEMR 5.0.1 – 'controller' Remote Code Execution
OpenEMR 5.0.1 – ‘controller’ Remote Code Execution