Archive for November, 2021

YeaLink SIP-TXXXP 53.84.0.15 Command Injection

Posted by deepcore under exploit (No Respond)

YeaLink SIP-TXXXP version 53.84.0.15 suffers from a remote command injection vulnerability.

AbsoluteTelnet 11.24 Denial Of Service

Posted by deepcore under exploit (No Respond)

AbsoluteTelnet version 11.24 suffers from multiple denial of service vulnerabilities.

Apache HTTP Server 2.4.50 Remote Code Execution

Posted by deepcore under exploit (No Respond)

This is another variant of the Apache HTTP server version 2.4.50 remote code execution exploit.

Microsoft Windows WSAQuerySocketSecurity AppContainer Privilege Escalation

Posted by deepcore under exploit (No Respond)

The WSAQuerySocketSecurity API returns full anonymous impersonation tokens for connected peers in an AppContainer, leading to a sandbox escape.

Massive Zero-Day Hole Found In Palo Alto Security Appliances

Posted by deepcore under exploit (No Respond)

Win32k NtGdiResetDC Use-After-Free / Local Privilege Escalation

Posted by deepcore under exploit (No Respond)

A use-after-free vulnerability exists in the NtGdiResetDC() function of Win32k which can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists because this function calls hdcOpenDCW(), which performs a user-mode callback. During this callback, attackers can call the NtGdiResetDC() function again […]

[webapps] FormaLMS 2.4.4 – Authentication Bypass

Posted by deepcore under Security (No Respond)

FormaLMS 2.4.4 – Authentication Bypass

[dos] AbsoluteTelnet 11.24 – 'Phone' Denial of Service (PoC)

Posted by deepcore under Security (No Respond)

AbsoluteTelnet 11.24 – ‘Phone’ Denial of Service (PoC)

[dos] AbsoluteTelnet 11.24 – 'Username' Denial of Service (PoC)

Posted by deepcore under Security (No Respond)

AbsoluteTelnet 11.24 – ‘Username’ Denial of Service (PoC)

[webapps] Apache HTTP Server 2.4.50 – Remote Code Execution (RCE) (3)

Posted by deepcore under Security (No Respond)

Apache HTTP Server 2.4.50 – Remote Code Execution (RCE) (3)
