The Container Manager Service accepts an access token provided by the user without verification allowing an arbitrary process to be created with another user identity leading to privilege escalation.
The Container Manager Service does not impersonate the caller when granting access to virtual disk images leading to privilege escalation.
The Container Manager Service creates an AppContainer process without impersonating the access token leading to privilege escalation.
This Metasploit module exploits a Perl injection vulnerability in the DjVu ANT parsing code of ExifTool versions 7.44 through 12.23 inclusive. The injection is used to execute a shell command using Perl backticks. The DjVu image can be embedded in a wrapper image using the HasselbladExif EXIF field.
The Container Manager Service does not configure STORVSP correctly when opening mapped named pipes leading to privilege escalation.
Microsoft Internet Explorer 8/11 and WPAD service ‘Jscript.dll’ – Use-After-Free
Tags: 0day, remote exploitDental Clinic Appointment Reservation System 1.0 – Authentication Bypass (SQLi)
Tags: 0day, remote exploitDental Clinic Appointment Reservation System 1.0 – ‘date’ UNION based SQL Injection (Authenticated)
Tags: 0day, remote exploit