A use-after-free vulnerability exists in the NtGdiResetDC() function of Win32k, which an attacker can leverage to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists…
>> AUTHOR: deepcore
YeaLink SIP-TXXXP 53.84.0.15 – ‘cmd’ Command Injection (Authenticated)
Apache HTTP Server 2.4.50 – Remote Code Execution (RCE) (3)
AbsoluteTelnet 11.24 – ‘Username’ Denial of Service (PoC)
AbsoluteTelnet 11.24 – ‘Phone’ Denial of Service (PoC)
FormaLMS 2.4.4 – Authentication Bypass
This Metasploit module exploits a remote command injection vulnerability in Movable Type versions 7 r.5002 and below.
Google Assistant suffered from an authentication bypass vulnerability allowing a webpage to execute commands without permission.
Employee Daily Task Management System 1.0 – ‘Name’ Stored Cross-Site Scripting (XSS)